5984 matches found

OSV
added 2018/10/31 7:29 p.m. | views: 1

UBUNTU-CVE-2018-14654

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server...

CVSS 6.5 | AI score 6.8 | EPSS 0.0263
Exploits 0 | References 6
OSV
added 2018/10/31 5:53 p.m. | views: 3

DRUPAL-CONTRIB-2018-073

The Paragraphs module allows Drupal Site Builders to make content organization cleaner so that you can give more editing power to end-users. The module doesn't sufficiently check access to create new paragraph entities which can cause access bypass issues when used in combination with other...

AI score 6.8
Exploits 0 | References 1
RedHat Linux
added 2018/10/31 8:43 a.m. | views: 1

glusterfs: glusterfs server exploitable via symlinks to relative paths

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...

CVSS 8.8 | AI score 7.6 | EPSS 0.03336
Exploits 0 | References 4
RedHat Linux
added 2018/10/31 8:43 a.m. | views: 1

glusterfs: glusterfs server exploitable via symlinks to relative paths

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...

CVSS 8.8 | AI score 7.6 | EPSS 0.03336
Exploits 0 | References 4
RedHat Linux
added 2018/10/30 12:31 p.m. | views: 7

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function...

CVSS 5.5 | AI score 6.7 | EPSS 0.03255
Exploits 8 | References 4
RedHat Linux
added 2018/10/30 12:5 p.m. | views: 1

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function...

CVSS 5.5 | AI score 6.7 | EPSS 0.03255
Exploits 8 | References 4
RedHat Linux
added 2018/10/30 10:4 a.m. | views: 5

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function...

CVSS 5.5 | AI score 6.7 | EPSS 0.03255
Exploits 8 | References 4
OSV
added 2018/10/24 9:29 p.m. | views: 0

UBUNTU-CVE-2016-10729

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root...

CVSS 7.8 | AI score 7 | EPSS 0.01187
Exploits 1 | References 3
OSV
added 2018/10/19 10:29 p.m. | views: 3

CVE-2018-18417

In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...

CVSS 5.4 | AI score 5.7 | EPSS 0.01643
Exploits 6 | References 2
NVD
added 2018/10/19 10:29 p.m. | views: 50

CVE-2018-18417

In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...

CVSS 5.4 | AI score 5.3 | EPSS 0.01643
Exploits 6 | References 2
Cvelist
added 2018/10/19 10:0 p.m. | views: 40

CVE-2018-18417

In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...

AI score 5.3 | EPSS 0.01643
Exploits 6 | References 2
OSV
added 2018/10/17 5:22 p.m. | views: 13

GHSA-FFJH-FJGG-MFPQ Moderate severity vulnerability that affects org.apache.ranger:ranger

In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table...

CVSS 5.9 | AI score 5.6 | EPSS 0.02614
Exploits 1 | References 4
Github Security Blog
added 2018/10/17 5:22 p.m. | views: 18

Moderate severity vulnerability that affects org.apache.ranger:ranger

In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table...

CVSS 5.9 | AI score 2.5 | EPSS 0.02614
Exploits 1 | References 4 | Affected Software 1
OSV
added 2018/10/17 5:21 p.m. | views: 20

GHSA-RF7Q-XQM3-6923 Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...

CVSS 4.8 | AI score 4.6 | EPSS 0.02105
Exploits 0 | References 4
OSV
added 2018/10/17 2:29 p.m. | views: 3

CVE-2018-18372

A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter...

CVSS 6.1 | AI score 5.7 | EPSS 0.00963
Exploits 1 | References 1
RedHat Linux
added 2018/10/17 12:4 a.m. | views: 5

kernel: Integer overflow in Linux's create_elf_tables function

An integer overflow flaw was found in the Linux kernel's create_elf_tables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...

CVSS 7.8 | AI score 7.1 | EPSS 0.14806
Exploits 6 | References 7
0day.today
added 2018/10/17 12:0 a.m. | views: 31

Ekushey Project Manager CRM 3.1 Cross Site Scripting Vulnerability

Ekushey Project Manager CRM version 3.1 suffers from a persistent cross site scripting vulnerability. Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushe...

AI score 5.4 | EPSS 0.01643
Exploits 6
RedHat Linux
added 2018/10/16 6:56 p.m. | views: 1

kernel: Integer overflow in Linux's create_elf_tables function

An integer overflow flaw was found in the Linux kernel's create_elf_tables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...

CVSS 7.8 | AI score 7.1 | EPSS 0.14806
Exploits 6 | References 7
CNVD
added 2018/10/16 12:0 a.m. | views: 2

LUYA CMS Cross-Site Scripting Vulnerability

LUYA CMS is a scalable content management system (CMS). A cross-site scripting vulnerability exists in LUYA CMS version 1.0.12. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via /admin/api-cms-nav/create-page...

CVSS 6.1 | AI score 5.9 | EPSS 0.00978
Exploits 2 | References 1
OSV
added 2018/10/15 7:29 p.m. | views: 1

CVE-2018-18259

Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page...

CVSS 6.1 | AI score 5.7 | EPSS 0.00978
Exploits 2 | References 1