CVE-2022-42457
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches runupdate in /usr/bin/gxserve-update.sh; e.g., command execution can occur via a reverse shell installed by install.sh...
Security update for nim (moderate)
openSUSE Security Update: Security update for nim Announcement ID: openSUSE-SU-2021:0618-1 Rating: moderate References: 1185083 1185084 1185085 Cross-References: CVE-2021-21372 CVE-2021-21373 CVE-2021-21374 CVSS scores: CVE-2021-21374 NVD : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affecte...
CVE-2018-12556
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any arbitrary key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn...
CoffeeMiner - Collaborative (MITM) Cryptocurrency Mining Pool In Wifi Networks
Collaborative MITM cryptocurrency mining pool in WiFi networks. Warning: this project is for academic/research purposes only. A blog post about this project can be read here: http://arnaucode.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html Concept: Performs a MITM attack to all selected...
SaltStack Insecure Temporary File Vulnerability
SaltStack is an open source set of tools for managing infrastructure. SaltStack has a security vulnerability due to the serverdensitydevice.py module creating the 'install.sh' temporary file in an incorrect way. This allows an attacker to perform arbitrary file operations via symbolic links...
CVE-2014-3020
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program...
CVE-2014-3020
CVE-2014-3020 affects IBM embedded WebSphere Application Server (eWAS) 7.0 bundled with IBM Tivoli/Directory Server. An optional install script (install.sh) may grant write access to the installRoot directory, enabling local privilege escalation via a Trojan horse. IBM security bulletins describe...