CVE-2012-5659

Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool ABRT 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python modu...

CentOS Update for pam CESA-2013:0521 centos6

Check for the Version of pam OpenVAS Vulnerability Test CentOS Update for pam CESA-2013:0521 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Foswiki < 1.1.8 MAKETEXT Macro Arbitrary Code Injection

According to its version number, the instance of Foswiki installed on the remote host is affected by a code injection vulnerability in the '%MAKETEXT%' macro. An incomplete fix to CVE-2012-6329 left this attack vector available in which an attacker can invoke arbitrary Perl modules by escaping...

Scrutinizer < 10.1.2 Multiple Vulnerabilities

The version of Scrutinizer NetFlow and sFlow Analyzer running on the remote host is a version prior to 10.1.2, and is, therefore, potentially affected by the following vulnerabilities : - A blind SQL injection vulnerability exists because the 'orderby' and 'gadget' parameters of 'faweb.cgi' fail ...

Moderate: Red Hat Security Advisory: openstack-packstack security and bug fix update

An updated openstack-packstack package that fixes two security issues and several bugs is now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

[Weevely] PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox...

CVE-2011-1019

The devload function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAPSYSMODULE capability requirement and load arbitrary modules by leveraging the CAPNETADMIN capability...

RedHat Update for pam RHSA-2013:0521-02

Check for the Version of pam OpenVAS Vulnerability Test RedHat Update for pam RHSA-2013:0521-02 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

RedHat Update for pam RHSA-2013:0521-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Server: Information disclosure

Due to the inclusion of the Amazon SDK testing suite an unauthenticated attacker is able to gain additional informations about the server including: the PHP version the cURL version informations wether the following functions/modules are available: SimpleXML DOM SPL JSON PCRE File System Read/Wri...

[Recon-ng] Web Reconnaisance Framework for Penetration Testers

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. Complete with independent modules, database interaction, built in convenience functions,...

Cisco Nexus 7000 M1-Series Modules Crafted Packet Vulnerability

Cisco Nexus 7000 M1-Series Modules contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to incorrect handling of crafted packets processed by the affected software. An unauthenticated, remote attacker cou...

JBoss: allows empty password to authenticate against LDAP

The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...

CentOS Update for libreport CESA-2013:0215 centos6

Check for the Version of libreport OpenVAS Vulnerability Test CentOS Update for libreport CESA-2013:0215 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Cisco Unity Express Cross-Site Scripting Vulnerabilities

Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated,...

SuSE 11.1 Security Update : net-snmp (SAT Patch Number 6517)

This update to net-snmp resolves the following issues : - Specially crafted SNMP GET requests could cause a denial of service application crash via a heap-based out-out-bounds read flaw which could be exploited remotely. CVE-2012-2141 - The snmpd agent should read shared memory information from...

CVE-2012-6437

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and...

CVE-2012-6441

An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/I...

CVE-2012-6442

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communicatio...

Buffer overflow

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier...