Lucene search
+L

238 matches found

cve
cve
added 2014/05/27 3:0 p.m.173 views

CVE-2014-0240

CVE-2014-0240 affects the mod_wsgi Apache module (daemon mode) where error codes from setuid are not properly handled on certain Linux kernels, enabling a local attacker to escalate privileges via vectors related to the number of running processes. Multiple vendors/advisories reference this flaw ...

6.2CVSS7.3AI score0.00411EPSS
Exploits0References7Affected Software1
debiancve
debiancve
added 2014/05/27 3:0 p.m.20 views

CVE-2014-0240

The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...

6.2CVSS7.2AI score0.00411EPSS
Exploits0
osv
osv
added 2014/05/27 2:55 p.m.4 views

DEBIAN-CVE-2014-0240

The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...

6.2CVSS6.5AI score0.00411EPSS
Exploits0References1
nvd
nvd
added 2014/05/27 2:55 p.m.12 views

CVE-2014-0240

The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...

6.2CVSS7.5AI score0.00411EPSS
Exploits0References7
osv
osv
added 2014/05/27 2:55 p.m.7 views

CVE-2014-0240

The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...

7.4AI score
Exploits0References7
prion
prion
added 2014/05/27 2:55 p.m.9 views

Code injection

The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...

6.2CVSS6.8AI score0.00411EPSS
Exploits0References7Affected Software1
nessus
nessus
added 2014/05/27 12:0 a.m.21 views

Ubuntu 14.04 LTS : mod_wsgi vulnerabilities (USN-2222-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2222-1 advisory. Rbert Kisteleki discovered modwsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege...

7.5CVSS6.7AI score0.08526EPSS
Exploits0References3
osv
osv
added 2014/05/26 1:9 p.m.3 views

USN-2222-1 mod-wsgi vulnerabilities

Róbert Kisteleki discovered modwsgi incorrectly checked setuid return values. A malicious application could use this issue to cause a local privilege escalation when using daemon mode. CVE-2014-0240 Buck Golemon discovered that modwsgi used memory that had been freed. A remote attacker could use...

7.5CVSS6.8AI score0.08526EPSS
Exploits0References3
osv
osv
added 2014/05/23 12:0 a.m.3 views

UBUNTU-CVE-2014-0240

The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...

6.2CVSS6.6AI score0.00411EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2014/05/23 12:0 a.m.21 views

CVE-2014-0240

The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...

6.2CVSS6.7AI score0.00411EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2014/05/23 12:0 a.m.23 views

CVE-2014-0242

modwsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread...

7.5CVSS7.1AI score0.08526EPSS
Exploits0References3
exploitpack
exploitpack
added 2014/05/21 12:0 a.m.16 views

Apache mod_wsgi - Information Disclosure

Apache modwsgi - Information Disclosure source: https://www.securityfocus.com/bid/67534/info modwsgi is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. import functools import...

7.2AI score
Exploits0
exploitdb
exploitdb
added 2014/05/21 12:0 a.m.162 views

Apache mod_wsgi - Information Disclosure

source: https://www.securityfocus.com/bid/67534/info modwsgi is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. import functools import threading import time import random def...

7AI score
Exploits0
exploitdb
exploitdb
added 2013/06/24 12:0 a.m.204 views

MoinMoin - twikidraw Action Traversal Arbitrary File Upload (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MoinMoin twikidraw Action Traversal...

6CVSS7.4AI score0.30566EPSS
Exploits7
zdt
zdt
added 2013/06/19 12:0 a.m.335 views

MoinMoin twikidraw Action Traversal File Upload Vulnerability

This Metasploit module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apached/modwsgi configurations by overwriting moin.wsgi, which...

6CVSS0.5AI score0.30566EPSS
Exploits7
packetstorm
packetstorm
added 2013/06/19 12:0 a.m.58 views

MoinMoin twikidraw Action Traversal File Upload

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MoinMoin twikidraw Action Traversal...

6CVSS0.2AI score0.30566EPSS
Exploits7
metasploit
metasploit
added 2013/06/17 9:13 p.m.33 views

MoinMoin twikidraw Action Traversal File Upload

This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apached/modwsgi configurations by overwriting moin.wsgi, which allows to...

6CVSS7.1AI score0.30566EPSS
Exploits7
redhat
redhat
added 2012/03/29 6:31 p.m.7 views

satellite: remote package upload without authorization

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when modwsgi is used, which allows remote attackers to cause a denial of service /var partition disk consumption and failed updates via a...

5CVSS5.9AI score0.03016EPSS
Exploits0References4
Rows per page
Query Builder