Lucene search
K

8 matches found

Prion
Prion
added 2014/10/15 2:55 p.m.14 views

Design/Logic Flaw

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...

6CVSS7.6AI score0.01363EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/10/15 2:0 p.m.78 views

CVE-2014-3593

The CVE-2014-3593 entry concerns luci, affected up to version 0.26.0, where an eval() on cluster configuration inputs could be exploited by remote authenticated users with certain permissions to execute arbitrary Python code. Multiple trusted sources (Red Hat RHSA-2014:1390, CentOS/OSS advisories...

6CVSS7.3AI score0.01363EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/10/15 2:0 p.m.33 views

CVE-2014-3593

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...

7.1AI score0.01363EPSS
Exploits0References2
NVD
NVD
added 2013/11/23 11:55 a.m.30 views

CVE-2013-4482

Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...

6.2CVSS6.4AI score0.00378EPSS
Exploits0References2
NVD
NVD
added 2013/11/23 11:55 a.m.25 views

CVE-2013-4481

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."...

1.9CVSS5.6AI score0.00248EPSS
Exploits0References2
Prion
Prion
added 2013/11/23 11:55 a.m.22 views

Design/Logic Flaw

Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...

6.2CVSS6.9AI score0.00378EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2013/11/23 11:0 a.m.36 views

CVE-2013-4482

Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...

6.4AI score0.00378EPSS
Exploits0References2
CVE
CVE
added 2013/11/23 11:0 a.m.93 views

CVE-2013-4482

CVE-2013-4482 affects Luci 0.26.0. The vulnerability is an untrusted search path issue: when Luci is started via its initscript, a local user can exploit a Trojan horse .egg-info file in the current working directory or its parent directories to gain privileges. The issue is confirmed in multiple...

6.2CVSS6.5AI score0.00378EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder