1015 matches found
Design/Logic Flaw
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in...
CVE-2017-2850
Summary (CVE-2017-2850): The Foscam C1 Indoor HD Camera (firmware 2.52.2.37) is affected by a vulnerability in the CGIProxy.fcgi service where the Change Username operation can inject arbitrary characters into the pureftpd.passwd file. This bypasses FTP chroot and enables privilege escalation via...
CVE-2017-2850
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in...
CVE-2015-3315
Automatic Bug Reporting Tool ABRT allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on 1 /var/tmp/abrt//maps, 2 /tmp/jvm-/hserror.log, 3 /proc//exe, 4 /etc/os-release in a chroot, or 5 an unspecified root directory relate...
PYSEC-2017-3
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...
Code injection
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...
PYSEC-2017-3
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...
UBUNTU-CVE-2015-6240
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...
DEBIAN-CVE-2015-6240
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...
CVE-2015-6240
CVE-2015-6240 concerns Ansible, where the chroot, jail, and zone connection plugins allow a local attacker to escape a restricted environment via a symlink attack. Affected software is Ansible versions older than 1.9.2, as described in multiple sources (including GHSA and Debian/Ubuntu advisories...
CVE-2015-6240
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...
OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix DNSKEY that encountered a CNAME 1447869, ISC change 3391 - Fix CVE-2017-3136 ISC change 4575 - Fix CVE-2017-3137 ISC change 4578 - Fix and test caching CNAME before DNAME ISC change 4558 - Fix...
OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 ISC change 4575 - Fix CVE-2017-3137 ISC change 4578 - Fix and test caching CNAME before DNAME ISC change 4558 - Fix CVE-2016-9147 ISC change 4510 - Fix regression introduced by...
Fedora 25 : proftpd (2017-c6f424c3ff)
Current upstream maintenance release for the 1.3.5 series. Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component other than the last one...
Design/Logic Flaw
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
UBUNTU-CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file...
CVE-2016-6299
CVE-2016-6299 affects the scm plug-in in mock, where crafted spec files can bypass the chroot protection and grant the attacker root privileges. This is a local-type vulnerability with high impact (C/H/I/A) per CVSS. Fedora advisories indicate a security fix was released for this CVE; other sourc...
CVE-2016-6299
Removed by vendor...