165 matches found
CVE-2019-20400
The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability...
Confluence on Windows was vulnerable to DLL hijacking - CVE-2019-20406
The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a dll file in a directory in the global path environmental variable variable to inject code & escala...
Slack: Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation
Overview The Nebula clients for Darwin and Windows call relative paths in "exec.Command" to "ifconfig" and "route" executables on Darwin, and to "netsh" on Windows. These commands are entered using relative paths, not absolute paths such as /sbin/ifconfig. When a binary is run with a relative pat...
Oracle Linux 7 : php (ELSA-2016-2598)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2598 advisory. - bz2: fix improper error handling in bzread CVE-2016-5399 - gd: fix integer overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766 - gd: fi...
tomcat security, bug fix, and enhancement update
0:7.0.69-10 - Related: rhbz1368122 0:7.0.69-9 - Resolves: rhbz1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz1368122 0:7.0.69-7 - Resolves: rhbz1362545 0:7.0.69-6 - Related: rhbz1201409 Added /etc/sysconfig/tomcat to the systemd unit fo...
Updated golang package fixes security vulnerability
Updated golang packages fix security vulnerability: Go: sets environmental variable based on user supplied Proxy request header CVE-2016-5386...
Updated python3/python packages fix security vulnerability
Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTPPROXY” environmental variable based on the header value. When this variable is used in man...
php security update
5.3.3-48 - don't set environmental variable based on user supplied Proxy request header CVE-2016-5385...
SIP Script Remote Command Execution via Shellshock
The remote host appears to be running SIP. SIP itself is not vulnerable to Shellshock; however, any Bash script that SIP runs for filtering or other routing tasks could potentially be affected if the script exports an environmental variable from the content or headers of a SIP message. A negative...
Bash Me Some More
Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability CVE-2014-6271, you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the...
GTK+ 1.2.8 Arbitrary Loadable Module Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The problem occurs in the...
McKesson ActiveX File/Environmental Variable Enumeration
No description provided by source. html !-- McKesson ActiveX File/Environmental Variable Enumeration Vendor: McKesson Version: 11.0.10.38 Tested on: Windows XP SP3 / IE Download: N/A Author: Blake Additional Details: This activex control is packaged with the Horizon Rad Station software used by...
KDE 1.1/1.1.1/1.2/2.0 kscd SHELL Environmental Variable Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1206/info Some linux distributions S.u.S.E. 6.4 reported ship with kscd a CD player for the KDE Desktop sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to...
McKesson ActiveX File/Environmental Variable Enumeration
Exploit for windows platform in category remote exploits McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member...
McKesson - ActiveX FileEnvironmental Variable Enumeration
McKesson - ActiveX FileEnvironmental Variable Enumeration McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member...
McKesson - ActiveX File/Environmental Variable Enumeration
McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member OpenTextFile from DXVLauncherLib.McKLauncher and returns ...
ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision Advisories Updated January 25, 2012 Summary: RSA, The Security Division of EMC, announces security fixes to address a security vulnerability and provide an...
FreeBSD : apache -- ap_resolve_env buffer overflow (4d49f4ba-071f-11d9-b45d-000c41e2cdad)
SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files the main httpd.conf' and .htaccess' files. According to a SITIC advisory : The buffer overflow occurs when expanding $ENVVAR constructs in .htaccess or httpd.conf files. The...
Debian Security Advisory DSA 1328-1 (unicon-imc2)
The remote host is missing an update to unicon-imc2 announced via advisory DSA 1328-1. OpenVAS Vulnerability Test $Id: deb13281.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1328-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian: Security Advisory (DSA-1328-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...