8 matches found
Design/Logic Flaw
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...
CVE-2014-3593
The CVE-2014-3593 entry concerns luci, affected up to version 0.26.0, where an eval() on cluster configuration inputs could be exploited by remote authenticated users with certain permissions to execute arbitrary Python code. Multiple trusted sources (Red Hat RHSA-2014:1390, CentOS/OSS advisories...
CVE-2014-3593
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...
CVE-2013-4482
Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...
CVE-2013-4481
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."...
Design/Logic Flaw
Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...
CVE-2013-4482
Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...
CVE-2013-4482
CVE-2013-4482 affects Luci 0.26.0. The vulnerability is an untrusted search path issue: when Luci is started via its initscript, a local user can exploit a Trojan horse .egg-info file in the current working directory or its parent directories to gain privileges. The issue is confirmed in multiple...