Lucene search

2646 matches found

ATTACKERKB
added 2022/02/06 9:15 p.m. | 4 views

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

CVSS 10 | AI score 7.3 | EPSS 0.00805
Exploits: 0 | References: 2

Veracode
added 2022/02/03 9:59 a.m. | 7 views

Command Injection

@saagie/sdk is vulnerable to command injection. An attacker is able to retrieve the secret tokens via injecting arbitrary commands into the bash scripts through closeissue.yml and createissue.yml...

AI score 3.3
Exploits: 0

GithubExploit
added 2022/01/28 6:12 p.m. | 11 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-403...

CVSS 7.8 | AI score 9.6 | EPSS 0.88057
Exploits: 149

GithubExploit
added 2022/01/28 6:12 p.m. | 344 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-403...

CVSS 7.8 | AI score 7.6 | EPSS 0.88057
Exploits: 149

OpenVAS
added 2022/01/28 12:0 a.m. | 28 views

Mageia: Security Advisory (MGASA-2014-0388)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 10 | EPSS 0.9422
Exploits: 130 | References: 9

OpenVAS
added 2022/01/28 12:0 a.m. | 32 views

Mageia: Security Advisory (MGASA-2014-0393)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 10 | EPSS 0.89056
Exploits: 17 | References: 6

CISA KEV Catalog
added 2022/01/28 12:0 a.m. | 25 views

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271...

CVSS 10 | AI score 9.5 | EPSS 0.9422
In wild | Exploits: 139

OpenVAS
added 2022/01/28 12:0 a.m. | 15 views

Mageia: Security Advisory (MGASA-2021-0288)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.8 | EPSS 0.50225
Exploits: 5 | References: 4

OpenVAS
added 2022/01/28 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2016-0393)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.4 | AI score 8 | EPSS 0.03691
Exploits: 0 | References: 5

OpenVAS
added 2022/01/28 12:0 a.m. | 20 views

Mageia: Security Advisory (MGASA-2019-0163)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.8 | EPSS 0.00319
Exploits: 0 | References: 4

OpenVAS
added 2022/01/28 12:0 a.m. | 30 views

Mageia: Security Advisory (MGASA-2014-0394)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.4 | EPSS 0.91694
Exploits: 39 | References: 9

OpenVAS
added 2022/01/28 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2017-0005)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.2 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 5

GithubExploit
added 2022/01/26 3:56 p.m. | 245 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034 CVE-2021-4034...

CVSS 7.8 | AI score 7.5 | EPSS 0.88057
Exploits: 149

GithubExploit
added 2022/01/26 8:43 a.m. | 298 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVSS 7.8 | AI score 7.2 | EPSS 0.88057
Exploits: 149

Tenable Nessus
added 2022/01/24 12:0 a.m. | 19 views

GLSA-202105-34 : Bash: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-202105-34 (Bash: Privilege escalation). It was discovered that Bash incorrectly dropped privileges by setting its effective UID to its real UID. Impact: A local attacker could possibly escalate privileges. Workaround: There is no...

CVSS 7.8 | AI score 6.9 | EPSS 0.50225
Exploits: 5 | References: 2

Fedora
added 2022/01/19 2:12 a.m. | 16 views

[SECURITY] Fedora 35 Update: thefuck-3.32-1.fc35

This application corrects your previous console command. If you use BASH, you should add these lines to your .bashrc:
alias fuck='eval $(thefuck $(fc -ln -1)); history -r'
alias FUCK='fuck'
For other shells please check /usr/share/doc/thefuck/README.md...

CVSS 9.1 | AI score 0.9 | EPSS 0.01125
Exploits: 0

Fedora
added 2022/01/19 1:54 a.m. | 26 views

[SECURITY] Fedora 34 Update: thefuck-3.32-1.fc34

This application corrects your previous console command. If you use BASH, you should add these lines to your .bashrc:
alias fuck='eval $(thefuck $(fc -ln -1)); history -r'
alias FUCK='fuck'
For other shells please check /usr/share/doc/thefuck/README.md...

CVSS 9.1 | AI score 0.9 | EPSS 0.01125
Exploits: 0

Kitploit
added 2022/01/11 8:30 p.m. | 29 views

SpoofThatMail - Bash Script To Check If A Domain Or List Of Domains Can Be Spoofed Based In DMARC Records

Bash script to check if a domain or list of domains can be spoofed based on DMARC records.
File with domains: sh SpoofThatMail.sh -f domains.txt
One single domain: sh SpoofThatMail.sh -d domain
Download SpoofThatMail...

AI score 7.2
Exploits: 0 | References: 1

CNVD
added 2021/12/30 12:0 a.m. | 11 views

Command Execution Vulnerability in Opmantek Open-AudIT

Opmantek Open-AudIT is a network auditing program based on PHP, bash shell and VB language. Opmantek Open-AudIT suffers from a command execution vulnerability that can be exploited by a remote attacker to submit a special request and execute a command...

AI score 7.6
Exploits: 0

Huntr
added 2021/12/24 11:16 a.m. | 18 views

in polonel/trudesk

Description: When logging in, the login page will tell you whether or not a username exists, which is a vulnerability since it can be paired with the lack of rate limitation when logging in in order to help an attacker find out which accounts exist & then brute force those accounts' login...

AI score 6.9
Exploits: 0