Lucene search

20 matches found

RedhatCVE
added 2026/01/13 10:52 p.m. | 1 view

CVE-2025-69426

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10 CVSS | 7.4 AI score | 0.00023 EPSS
Exploits 0 | References 1
CNNVD
added 2025/12/23 12:0 a.m. | 5 views

Coolify Operating System Command Injection Vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. An operating system command injection vulnerability exists in versions prior to Coolify 4.0.0-beta.451, which stems from an unvalidated PostgreSQL initialization script filename that could lead ...

9.9 CVSS | 7.2 AI score | 0.00484 EPSS
Exploits 2 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-0551

Malware in sbrugna...

6.2 CVSS | 6.4 AI score | 0.00047 EPSS
Exploits 0 | References 7
CNNVD
added 2024/05/14 12:0 a.m. | 2 views

PHOENIX CONTACT CHARX SEC-3000 Security Vulnerability

PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT CHARX SEC-3000 version 1.5.1 and earlier that allows a low-privileged local attacker to perform an elevation of privilege using an...

7.8 CVSS | 6.7 AI score | 0.00067 EPSS
Exploits 0 | References 3
CNNVD
added 2022/09/20 12:0 a.m. | 1 view

Gentoo and SmokePing Security Vulnerability

SmokePing is a network monitoring software developed by Tobias Oetiker, a Swiss software developer. The program's function is to monitor network performance, including monitoring www server performance, monitoring DNS query performance, monitoring SSH performance, and so on. A security...

7.5 CVSS | 7.3 AI score | 0.00318 EPSS
Exploits 1 | References 3
The Hacker News
added 2022/07/21 1:22 p.m. | 53 views

New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems

A never-before-seen Linux malware has been dubbed a "Swiss Army Knife" for its modular architecture and its capability to install rootkits. This previously undetected Linux threat, called Lightning Framework by Intezer, is equipped with a plethora of features, making it one of the most intricate...

0.5 AI score
Exploits 0
OSV
added 2020/05/13 6:15 p.m. | 1 view

DEBIAN-CVE-2020-12831

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...

5.3 CVSS | 6.6 AI score | 0.00277 EPSS
Exploits 1 | References 1
CNVD
added 2017/11/10 12:0 a.m. | 1 view

PostgreSQL Remote Elevation of Privilege Vulnerability

PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A remote elevation of privilege vulnerability exists i...

7.2 CVSS | 8 AI score | 0.00053 EPSS
Exploits 0 | References 1
RedHat Linux
added 2017/02/02 9:3 p.m. | 3 views

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

7.8 CVSS | 7.3 AI score | 0.00071 EPSS
Exploits 0 | References 4
RedHat Linux
added 2016/10/10 8:38 p.m. | 5 views

tomcat: tomcat writable config files allow privilege escalation

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

7.8 CVSS | 7.3 AI score | 0.00078 EPSS
Exploits 0 | References 4
RedHat Linux
added 2016/10/10 8:38 p.m. | 2 views

tomcat: tomcat writable config files allow privilege escalation

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

7.8 CVSS | 7.3 AI score | 0.00078 EPSS
Exploits 0 | References 4
RedhatCVE
added 2016/10/10 8:47 a.m. | 33 views

CVE-2016-6325

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...

7.8 CVSS | 2 AI score | 0.00078 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2013/03/01 12:0 a.m. | 31 views

Scientific Linux Security Update : dnsmasq on SL6.x i386/x86_64 (20130221)

It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS...

5 CVSS | 6.9 AI score | 0.00878 EPSS
Exploits 0 | References 2
OpenVAS
added 2012/06/06 12:0 a.m. | 31 views

RedHat Update for tomcat6 RHSA-2011:0791-01

The remote host is missing an update for the...

4.3 CVSS | 6 AI score | 0.25792 EPSS
Exploits 4 | References 2
NVD
added 2011/02/23 7:0 p.m. | 15 views

CVE-2011-0532

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the...

6.2 CVSS | 6.4 AI score | 0.00047 EPSS
Exploits 0 | References 5
Prion
added 2011/02/23 7:0 p.m. | 20 views

Directory traversal

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the...

6.2 CVSS | 6.9 AI score | 0.00047 EPSS
Exploits 0 | References 5 | Affected Software 2
Oracle linux
added 2009/09/08 12:0 a.m. | 63 views

mysql security and bug fix update

5.0.77-3 - Add fix for CVE-2009-2446 format string vulnerability in COM_CREATE_DB and COM_DROP_DB processing Resolves: 512200; 5.0.77-2 - Back-port upstream fix for CVE-2008-4456 mysql command line client XSS flaw Resolves: 502169; 5.0.77-1 - Update to MySQL 5.0.77, for numerous fixes described at...

8.5 CVSS | 0.2 AI score | 0.07267 EPSS
Exploits 6
NVD
added 2007/02/06 7:28 p.m. | 16 views

CVE-2007-0792

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file...

7.5 CVSS | 6.6 AI score | 0.00962 EPSS
Exploits 0 | References 8
Cvelist
added 2007/02/06 7:0 p.m. | 18 views

CVE-2007-0792

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file...

6.6 AI score | 0.00962 EPSS
Exploits 0 | References 8
securityvulns
added 2000/08/22 12:0 a.m. | 24 views

Hole in HP-UX net.init

The initialization script handles temporary files incorrectly; as a result, any file can be corrupted using symbolic links...

0.3 AI score
Exploits 0 | References 1 | Affected Software 1