238 matches found
CVE-2014-0240
CVE-2014-0240 affects the mod_wsgi Apache module (daemon mode) where error codes from setuid are not properly handled on certain Linux kernels, enabling a local attacker to escalate privileges via vectors related to the number of running processes. Multiple vendors/advisories reference this flaw ...
CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
DEBIAN-CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
Code injection
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
Ubuntu 14.04 LTS : mod_wsgi vulnerabilities (USN-2222-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2222-1 advisory. Rbert Kisteleki discovered modwsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege...
USN-2222-1 mod-wsgi vulnerabilities
Róbert Kisteleki discovered modwsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. CVE-2014-0240 Buck Golemon discovered that modwsgi used memory that had been freed. A remote attacker could use...
UBUNTU-CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
CVE-2014-0242
modwsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread...
Apache mod_wsgi - Information Disclosure
Apache modwsgi - Information Disclosure source: https://www.securityfocus.com/bid/67534/info modwsgi is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. import functools import...
Apache mod_wsgi - Information Disclosure
source: https://www.securityfocus.com/bid/67534/info modwsgi is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. import functools import threading import time import random def...
MoinMoin - twikidraw Action Traversal Arbitrary File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MoinMoin twikidraw Action Traversal...
MoinMoin twikidraw Action Traversal File Upload Vulnerability
This Metasploit module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apached/modwsgi configurations by overwriting moin.wsgi, which...
MoinMoin twikidraw Action Traversal File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MoinMoin twikidraw Action Traversal...
MoinMoin twikidraw Action Traversal File Upload
This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apached/modwsgi configurations by overwriting moin.wsgi, which allows to...
satellite: remote package upload without authorization
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when modwsgi is used, which allows remote attackers to cause a denial of service /var partition disk consumption and failed updates via a...