CVE-2018-17787

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function...

Command injection

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function...

CVE-2018-17787

On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function...

Design/Logic Flaw

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to...

CVE-2016-7076

CVE-2016-7076 affects the sudo utility prior to version 1.8.18p1. The root cause is a bypass of the noexec restriction when a user-supplied argument is passed to the C library function wordexp() during execution via sudo, enabling a local user to run an application with noexec and potentially exe...

CVE-2016-7076

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to...

postgresql security update

CentOS Errata and Security Advisory CESA-2015:1194 Updated postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

PLD Software Ebola 0.1.4 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9156/info It has been reported that a buffer overflow condition is present in the authentication mechanism implemented in Ebola. The condition is due to the use of the C library function sprintf to construct an error...

kpopup 0.9.x Privileged Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system3 C-library functi...

CVE-2014-0066

The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service NULL pointer...

Code injection

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function...

CVE-2013-3045

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function...

CVE-2012-4076

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780...

CVE-2012-4076

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780...

CVE-2012-4076

CVE-2012-4076 affects Cisco NX-OS with a local-privilege escalation via shell metacharacters in a call to the system() library function. The issue arises from improper input handling during command processing (Bug IDs CSCtf23559 and CSCtf27780). Public sources describe that an authenticated, loca...

Design/Logic Flaw

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsbrelease binary in a directory in the PATH, related to use of the popen library function...

CVE-2013-2546

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAPNETADMIN capability...

Google Chrome multiple vulnerabilities - September11 (Linux)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnsep11lin.nasl 7015 2017-08-28 11:51:24Z teissa $ Google Chrome multiple vulnerabilities - September11 Linux Authors: Rachana Shetty Copyright: Copyright c 2011 Greenbo...

CVE-2011-2839

Removed by vendor...

CVE-2009-3278

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack...