Lucene search
K

165 matches found

Cvelist
Cvelist
added 2020/02/06 3:10 a.m.18 views

CVE-2019-20400

The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability...

7.5AI score0.00367EPSS
Exploits0References1
Atlassian
Atlassian
added 2020/02/04 11:56 p.m.76 views

Confluence on Windows was vulnerable to DLL hijacking - CVE-2019-20406

The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to write a dll file in a directory in the global path environmental variable variable to inject code & escala...

7.8CVSS4.6AI score0.0048EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2020/01/28 12:43 p.m.33 views

Slack: Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation

Overview The Nebula clients for Darwin and Windows call relative paths in "exec.Command" to "ifconfig" and "route" executables on Darwin, and to "netsh" on Windows. These commands are entered using relative paths, not absolute paths such as /sbin/ifconfig. When a binary is run with a relative pat...

0.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/11/11 12:0 a.m.80 views

Oracle Linux 7 : php (ELSA-2016-2598)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2598 advisory. - bz2: fix improper error handling in bzread CVE-2016-5399 - gd: fix integer overflow in gd2GetHeader resulting in heap overflow CVE-2016-5766 - gd: fi...

9.8CVSS7.2AI score0.50427EPSS
Exploits7References5
Oracle linux
Oracle linux
added 2016/11/09 12:0 a.m.54 views

tomcat security, bug fix, and enhancement update

0:7.0.69-10 - Related: rhbz1368122 0:7.0.69-9 - Resolves: rhbz1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz1368122 0:7.0.69-7 - Resolves: rhbz1362545 0:7.0.69-6 - Related: rhbz1201409 Added /etc/sysconfig/tomcat to the systemd unit fo...

8.8CVSS0.6AI score0.35927EPSS
Exploits0
Mageia
Mageia
added 2016/09/23 8:57 p.m.45 views

Updated golang package fixes security vulnerability

Updated golang packages fix security vulnerability: Go: sets environmental variable based on user supplied Proxy request header CVE-2016-5386...

8.1CVSS2.1AI score0.0522EPSS
Exploits0References2
Mageia
Mageia
added 2016/08/31 5:34 p.m.44 views

Updated python3/python packages fix security vulnerability

Fix for CVE-2016-1000110 HTTPoxy attack. Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTPPROXY” environmental variable based on the header value. When this variable is used in man...

6.1CVSS2AI score0.04526EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2016/08/11 12:0 a.m.35 views

php security update

5.3.3-48 - don't set environmental variable based on user supplied Proxy request header CVE-2016-5385...

5.1CVSS1.3AI score0.50427EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/11/03 12:0 a.m.292 views

SIP Script Remote Command Execution via Shellshock

The remote host appears to be running SIP. SIP itself is not vulnerable to Shellshock; however, any Bash script that SIP runs for filtering or other routing tasks could potentially be affected if the script exports an environmental variable from the content or headers of a SIP message. A negative...

10CVSS8.3AI score0.99999EPSS
Exploits131References4
Packet Storm
Packet Storm
added 2014/10/01 12:0 a.m.92 views

Bash Me Some More

Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability CVE-2014-6271, you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the...

10CVSS0.1AI score0.99999EPSS
Exploits158
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.35 views

GTK+ 1.2.8 Arbitrary Loadable Module Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The problem occurs in the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

McKesson ActiveX File/Environmental Variable Enumeration

No description provided by source. html !-- McKesson ActiveX File/Environmental Variable Enumeration Vendor: McKesson Version: 11.0.10.38 Tested on: Windows XP SP3 / IE Download: N/A Author: Blake Additional Details: This activex control is packaged with the Horizon Rad Station software used by...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

KDE 1.1/1.1.1/1.2/2.0 kscd SHELL Environmental Variable Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1206/info Some linux distributions S.u.S.E. 6.4 reported ship with kscd a CD player for the KDE Desktop sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/09/19 12:0 a.m.34 views

McKesson ActiveX File/Environmental Variable Enumeration

Exploit for windows platform in category remote exploits McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2013/09/18 12:0 a.m.29 views

McKesson - ActiveX FileEnvironmental Variable Enumeration

McKesson - ActiveX FileEnvironmental Variable Enumeration McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2013/09/18 12:0 a.m.33 views

McKesson - ActiveX File/Environmental Variable Enumeration

McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member OpenTextFile from DXVLauncherLib.McKLauncher and returns ...

7AI score
Exploits0
securityvulns
securityvulns
added 2012/02/15 12:0 a.m.59 views

ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision Advisories Updated January 25, 2012 Summary: RSA, The Security Division of EMC, announces security fixes to address a security vulnerability and provide an...

5CVSS0.5AI score0.01182EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.26 views

FreeBSD : apache -- ap_resolve_env buffer overflow (4d49f4ba-071f-11d9-b45d-000c41e2cdad)

SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files the main httpd.conf' and .htaccess' files. According to a SITIC advisory : The buffer overflow occurs when expanding $ENVVAR constructs in .htaccess or httpd.conf files. The...

7.8CVSS5.9AI score0.01607EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.22 views

Debian Security Advisory DSA 1328-1 (unicon-imc2)

The remote host is missing an update to unicon-imc2 announced via advisory DSA 1328-1. OpenVAS Vulnerability Test $Id: deb13281.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1328-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

6.8CVSS0.5AI score0.00343EPSS
Exploits1
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.16 views

Debian: Security Advisory (DSA-1328-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.1AI score0.00343EPSS
Exploits1References3
Rows per page
Query Builder