3293 matches found
wesnoth: information leakage
Wesnoth implements a text preprocessing language that is used in conjunction with its own game scripting language. It also has a built-in Lua interpreter and API. Both the Lua API and the preprocessor make use of the same function filesystem::getwmllocation to resolve file paths so that only...
Updated redis package fixes security vulnerability
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...
MGASA-2015-0244 Updated redis package fixes security vulnerability
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...
Redis EVAL Lua Sandbox Security Bypass Vulnerability
Redis is an open source memory-based and key-value pair storage the simplest form of database organization database system. Redis has a security vulnerability that allows a remote attacker to bypass certain security restrictions by submitting a special eval command to execute arbitrary Lua byteco...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
DEBIAN-CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
AZL-44232 CVE-2015-4335 affecting package compat-lua 5.1.5-17
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
UBUNTU-CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
Command injection
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...
Debian DSA-3279-1 : redis - security update
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...
Redis LUA Exploit | Cloud Foundry
Redis LUA Exploit High Vendor Redis Versions Affected Redis 3.0.1 or older Redis 2.8.20 or older Redis 2.6.x Description It was discovered that it is possible to break out of the LUA sandbox in Redis and execute arbitrary code. The user must have access to the Redis process to connect and execute...
CVE-2015-4335 — Redis EVAL Lua Sandbox Escape
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. Recent assessments: hrbrmstr at June 08, 2020 6:38pm UTC reported: Ben Murphy’s dissection — — is pretty thorough. Assessed Attacker Value: 5 Assessed Attacker Value: 5Assessed...
FreeBSD : redis -- EVAL Lua Sandbox Escape (838fa84a-0e25-11e5-90e4-d050996490d0)
Ben Murphy reports : It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This shouldn't pose a threat to users under the trusted Redis security model where only trusted users can connect to the database. However, in real deployments there could be databases that ca...
[SECURITY] [DSA 3279-1] redis security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3279-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini June 06, 2015 http://www.debian.org/security/faq -...
[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability
Exploit Title: Wing FTP Server Remote Code Execution vulnerability Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Improper Control of Generation of Code CWE-94 CVE...
redis restrictions bypass
Lua sandbox escaping...