Lucene search
+L

428 matches found

exploitpack
exploitpack
added 2014/02/05 12:0 a.m.23 views

Inteno DG301 - Command Injection

Inteno DG301 - Command Injection 1. Background According to the vendor, Inteno DG301 is a high-end Multi-WAN residential gateway with advanced router and bridge functions. 2. Summary Inteno DG301 Powered by LuCI Trunk inteno-1.0.34 and OpenWrt Backfire 10.03.1-RC6 is vulnerable to command...

7.8AI score
Exploits0
0day.today
0day.today
added 2014/02/05 12:0 a.m.33 views

Inteno DG301 Command Injection Vulnerability

Exploit for hardware platform in category web applications 1. Background According to the vendor, Inteno DG301 is a high-end Multi-WAN residential gateway with advanced router and bridge functions. 2. Summary Inteno DG301 Powered by LuCI Trunk inteno-1.0.34 and OpenWrt Backfire 10.03.1-RC6 is...

6.7AI score
Exploits0
Exploit DB
Exploit DB
added 2014/02/05 12:0 a.m.31 views

Inteno DG301 - Command Injection

Background According to the vendor, Inteno DG301 is a high-end Multi-WAN residential gateway with advanced router and bridge functions. 2. Summary Inteno DG301 Powered by LuCI Trunk inteno-1.0.34 and OpenWrt Backfire 10.03.1-RC6 is vulnerable to command injection, which can be exploited directly...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/02/04 12:0 a.m.29 views

Inteno DG301 Command Injection

Background According to the vendor, Inteno DG301 is a high-end Multi-WAN residential gateway with advanced router and bridge functions. 2. Summary Inteno DG301 Powered by LuCI Trunk inteno-1.0.34 and OpenWrt Backfire 10.03.1-RC6 is vulnerable to command injection, which can be exploited directly...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/12/04 12:0 a.m.30 views

Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20131121)

A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. CVE-2013-4482 A flaw was found in the way luci...

6.2CVSS5.7AI score0.00378EPSS
Exploits0References3
Cent OS
Cent OS
added 2013/11/26 1:32 p.m.68 views

luci security update

CentOS Errata and Security Advisory CESA-2013:1603 Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common...

6.2CVSS6AI score0.00378EPSS
Exploits0References7
NVD
NVD
added 2013/11/23 11:55 a.m.26 views

CVE-2013-4481

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."...

1.9CVSS5.6AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2013/11/23 11:55 a.m.31 views

CVE-2013-4482

Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...

6.2CVSS6.4AI score0.00378EPSS
Exploits0References2
Prion
Prion
added 2013/11/23 11:55 a.m.26 views

Race condition

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."...

1.9CVSS6.1AI score0.00248EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2013/11/23 11:55 a.m.22 views

Design/Logic Flaw

Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...

6.2CVSS6.9AI score0.00378EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2013/11/23 11:0 a.m.94 views

CVE-2013-4482

CVE-2013-4482 affects Luci 0.26.0. The vulnerability is an untrusted search path issue: when Luci is started via its initscript, a local user can exploit a Trojan horse .egg-info file in the current working directory or its parent directories to gain privileges. The issue is confirmed in multiple...

6.2CVSS6.5AI score0.00378EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2013/11/23 11:0 a.m.35 views

CVE-2013-4481

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."...

5.6AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/11/23 11:0 a.m.39 views

CVE-2013-4482

Untrusted search path vulnerability in python-paste-script aka paster in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the 1 current working directory or 2 its parent directories...

6.4AI score0.00378EPSS
Exploits0References2
CVE
CVE
added 2013/11/23 11:0 a.m.83 views

CVE-2013-4481

CVE-2013-4481 is a race-condition in Luci 0.26.0 where /var/lib/luci/etc/luci.ini is created with world-readable permissions before restricting them, enabling local users to read authentication secrets. The connected advisories/plugins indicate updated luci packages fix this issue (e.g., RHSA-201...

1.9CVSS5.6AI score0.00248EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2013/11/21 12:0 a.m.29 views

RHEL 6 : luci (RHSA-2013:1603)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:1603 advisory. Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system...

6.2CVSS5.9AI score0.00378EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2013/11/20 7:34 p.m.33 views

Moderate: Red Hat Security Advisory: luci security, bug fix, and enhancement update

Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...

6.2CVSS6AI score0.00378EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2013/11/20 7:34 p.m.5 views

luci: paster hidden untrusted path and "command" (callable association) injection

A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user...

6.2CVSS6.1AI score0.00378EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/11/20 7:34 p.m.5 views

luci: short exposure of authentication secrets while generating configuration file

A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file...

1.9CVSS5.7AI score0.00248EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2013/03/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2017-16959

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP...

6.5CVSS6.8AI score0.0191EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.25 views

RHEL 5 : conga (RHSA-2007:0640)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2007:0640 advisory. The Conga package is a web-based administration tool for remote cluster and storage management. A flaw was found in ricci during a code audit. A remo...

5CVSS5.7AI score0.01745EPSS
Exploits0References58
Rows per page
Query Builder