Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from overlayfs not handling pure data directories correctly, which could cause the kernel to crash...

CVE-2023-3321

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...

CVE-2023-3324 Insecure deserialization in zenon internal DLLs

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts...

UBUNTU-CVE-2020-15113

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients with restricted access permissions 700 by using the os.MkdirAll. This functio...

DEBIAN-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

GLSA-202006-20 : Asterisk: Root privilege escalation

The remote host is affected by the vulnerability described in GLSA-202006-20 Asterisk: Root privilege escalation It was discovered that Gentoos Asterisk ebuild does not properly set permissions on its data directories. This only affects OpenRC systems, as the flaw was exploitable via the init...

POC-T

This is a Python-based penetration testing framework called POC-T. It is designed to facilitate concurrent testing of multiple targets and supports various features such as multi-threading, URL parsing, and user agent management. The framework includes a range of scripts for testing different...

CVE-2006-0370

Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...