2642 matches found
Directory Traversal
glibc is vulnerable to directory traversal attacks. The vulnerability exists through multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a...
Arbitrary Code Execution
dbus is vulnerable to arbitrary code execution attacks. The vulnerability exists as libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS...
Information Disclosure
managesieve is vulnerable to information disclosure attacks. The vulnerability exists as the environment variable SIEVEPASSWORD is disclosed when displaying usage help...
GNU inetutils 1.9.4 telnet.c Overflows
GNU inetutils = 1.9.4 telnet.c multiple overflows ================================================== GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern...
MariaDB Client 10.1.26 Denial Of Service
Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x8664 using readline 5.2 Tested on: Debian 9 Stretch x64 ...
MariaDB Client 10.1.26 - Denial of Service Exploit
Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x8664 using readline 5.2 Tested on: Debian 9 Stretch x64 ...
MariaDB Client 10.1.26 - Denial of Service (PoC)
Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x8664 using readline 5.2 Tested on: Debian 9 Stretch x64 ...
[SECURITY] Fedora 27 Update: libconfuse-3.2.2-1.fc27
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and lists of values strings, integers, floats, booleans or other sections, as well as some other features such as single/double-quoted strings, environment variab...
Cmd and Conquer: De-DOSfuscation with flare-qdb
When Daniel Bohannon released his excellent DOSfuscation paper, I was fascinated to see how tricks I used as a systems engineer could help attackers evade detection. I didn’t have much to contribute to this conversation until I had to analyze a hideously obfuscated batch file as part of my job on...
Updated lilypond packages fix security vulnerability
lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks CVE-2017-17523...
Solaris EXTREMEPARR dtappgather Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Solaris 'EXTREMEPARR' dtappgather Privilege Escalation", 'Description' = %q This module exploits a directory traversal vulnerability in the...
Solaris 'EXTREMEPARR' dtappgather Privilege Escalation
This module exploits a directory traversal vulnerability in the dtappgather executable included with Common Desktop Environment CDE on unpatched Solaris systems prior to Solaris 10u11 which allows users to gain root privileges. dtappgather allows users to create a user-owned directory at any...
Solaris libnspr NSPR_LOG_FILE Privilege Escalation Exploit
This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library libnspr on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the...
GitLab: Bypass of GitLab CI runner slash fix in YAML validation
Hi Gitlab Security, I notice the bug 301432 that Jobert reported earlier is could be bypassed by setting variable in environment. The reason is that the fix in place preventing url normalization is performed by doing the YAML validation, however this could be bypassed by setting the environment...
Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
Fedora 27 : libtomcrypt (2018-39e0872379)
Fix Side Channel Based ECDSA Key Extraction CVE-2018-12437 PR 408 - Fix potential stack overflow when DER flexi-decoding CVE-2018-0739 PR 373 - Fix two-key 3DES PR 390 - Fix accelerated CTR mode PR 359 - Fix Fortuna PRNG PR 363 - Fix compilation on platforms where cc doesn't point to gcc PR 382 -...
CVE-2018-11049
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious co...
CVE-2018-11049
The CVE-2018-11049 entry describes an uncontrolled search path vulnerability affecting Dell RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG. Root cause: installation scripts set an environment variable in an unintended manner, enabling a local authenticated us...
EulerOS 2.0 SP2 : procps-ng (EulerOS-SA-2018-1198)
According to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec CVE-2018-1124 - procps-ng, procps: incorrect integer size in...