Fedora 31 : rsyslog (2019-ea7d5876a4)

rebase to upstream version 8.1911.0 ------------------------------------------------- new modules available : - ClickHouse output - generic REST API http output - docker API input - misc. external program input takes output of specified binary as log source Note that Tenable Network Security has...

DEBIAN-CVE-2019-13640

In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...

HackerOne: Custom Field Attributes may be created and updated for customers with Custom Field Trial enabled

The Custom Field feature is currently only available for customers on the Enterprise product edition. A trial period can be given by enabling the custom-fields-trial feature for programs who are not on that product edition yet. However, when enabling this feature, the incorrect ordering of an ACL...

HackerOne: Attacker can claim credentials for private program that has a published external program

An attacker can obtain credentials for private programs that have a published external program, even when the attacker doesn't have access to the private program. Here is the regression spec to proof the security vulnerability: diff diff --git...

HackerOne: User with privilege to maintain External Programs can update certain churned HackerOne programs

Summary: You wrote that some programs are behind, but you are trying to get them back sorry maybe bad translation Description: Apparently because of a system error, I have access to change information in the public program. This option is given only for external programs.But here is a public...

Synaptics Keyboard & Touchpad Driver Running Arbitrary Code - Lenovo Support US

No description provided...

HackerOne: Team object in GraphQL that have a published external program may expose existence of a private program

Summary: Hi Team! On Team object the parameter "icannotcreatejirawebhookreasons" is not NULL and gets the following default states when called for all programs "CANNOTVIEW","FEATUREGATED","PROGRAMPERMISSIONREQUIRED" If a Company Program runs a Private Program or a Public On the "FEATUREGATED" is...

UBUNTU-CVE-2017-17514

DISPUTED boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the...

Pure-FTPd External Authentication Bash Environment Variable Code Injection

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp include...

Caldera X Server 7.1/8.0 External Program Privileged Invocation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/5575/info Caldera's X Server implementation invokes external commands without dropping existing privilege levels. Xserver calls xkbcomp, and other related utilities, in an unsecure manner using the popen or system calls...

DEBIAN-CVE-2014-3227

dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to...

Sysax FTP Automation Server 5.33 Privilege Escalation

Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 2012 Demo:...

[ MDVSA-2011:055 ] openldap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:055 http://www.mandriva.com/security/ Package : openldap Date : March 30, 2011 Affected: 2009.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been identified and fixed in openldap:...

CVE-2011-1024

chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicyforwardupdates aka authentication-failure forwarding is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a sla...

How to create pseudo log-vulnerability warning-the black bar safety net

A, execute the external program DIM objShell set objShell="" iReturn=" /C set var=world", 1, TRUE Save As. the vbs file can be. In this code, we first set an environment variable, which is named var, and the value of the world, the user can use%Comspec%instead, and you can put the command: set...

SLURM privilege escalation

Group privileges are not gropped on external program invocation...

CVE-2008-3329

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...

DEBIAN-CVE-2008-3329

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...

USN-493-1: Firefox vulnerabilities

A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data such as passwords, of other web pages. CVE-2007-3844 Jesper Johansson discovered that spaces and double-quotes were not correctly...

Squirrelmail vacation plugin shell characters problem

Unfiltered shell characters on ftpfile external program invocation...