81 matches found
FreeBSD : drupal -- multiple vulnerabilities (7932548e-3427-11e6-8e82-002590263bf5)
Drupal Security Team reports : - Saving user accounts can sometimes grant the user all roles User module - Drupal 7 - Moderately Critical - Views can allow unauthorized users to see Statistics information Views module - Drupal 8 - Less Critical %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Internet Bug Bounty: Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)
The 1 EPHEMERAL, 2 HTTPS, 3 MVG, 4 MSL, 5 TEXT, 6 SHOW, 7 WIN, and 8 PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." See also:...
Imgur: SSRF and local file read in video to gif converter
Video to gif converter on http://imgur.com/vidgif uses Lavf/55.48.100 with network options enabled. It makes possible SSRF by uploading specially crafted playlist. For example we can use mp4 file http://yngwie.ru/1.mp4 EXTM3U EXT-X-MEDIA-SEQUENCE:0 EXTINF:10.0, http://yngwie.ru/2.mp4 EXT-X-ENDLIS...
CVE-2009-5082
The 1 configure and 2 config.guess scripts in GNU troff aka groff 1.20.1 on Openwall GNU//Linux aka Owl improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file...
Apache Tomcat Denial Of Service Vulnerability (Jun 2015) - Windows
Apache Tomcat is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
PuTTY Information Disclosure vulnerability (Mar 2015) - Windows
PuTTY is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:putty:putty";...
CVE-2015-0235 - GHOST | Cloud Foundry
CVE-2015-0235 – GHOST Critical Vendor Canonical, Red Hat Versions Affected Ubuntu 10.04 Lucid, 12.04 Precise, CentOS 6. Description A heap-based buffer overflow was found in nsshostnamedigitsdots, which is used by the gethostbyname and gethostbyname2 glibc function call. A remote attacker could u...
MediaWiki ExpandTemplates Extension < 1.24.1 Multiple Vulnerabilities (Jan 2015) - Active Check
The ExpandTemplates extension for MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
http-shellshock NSE Script
Attempts to exploit the "shellshock" vulnerability CVE-2014-6271 and CVE-2014-7169 in web applications. To detect this vulnerability the script executes a command that prints a random string and then attempts to find it inside the response body. Web apps that don't print back information won't be...
RedStar 2.0 Desktop - World-writeable rc.sysinit Local Privilege Escalation
RedStar 2.0 Desktop - World-writeable rc.sysinit Local Privilege Escalation Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here...
RedStar 3.0 Desktop - Enable sudo Privilege Escalation
!/bin/bash -e Alternative steps: https://pbs.twimg.com/media/B68inqBIQAA5sK6.png Proof: https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png cp /etc/udev/rules.d/85-hplj10xx.rules /tmp/udevhp.bak echo 'RUN+="/bin/bash /tmp/r00t.sh"'...
RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Local Privilege Escalation
Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png PoC: /bin/echo...
Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack
The maintainers of the Openwall security enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact...
CVE-2014-9130
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service assertion failure and crash via vectors involving line-wrapping...
Fedora 20 : gvfs-1.18.3-3.fc20 / ifuse-1.1.3-3.fc20 / libgpod-0.8.3-2.fc20 / etc (2014-9092)
Add support for devices running iOS7 Fixes CVE-2013-2142: libimobiledevice: Insecure temporary file use when both $XDGCONFIGHOME and $HOME are unset http://www.openwall.com/lists/oss-security/2013/06/04/11 Note that Tenable Network Security has extracted the preceding description block directly...
VLC Media Player mp4a Denial of Service Vulnerability - Mac OS X
VLC Media Player is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
mcrypt 2.5.8 - Local Stack Overflow
mcrypt 2.5.8 - Local Stack Overflow !/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .=...
mcrypt 2.5.8 - Local Stack Overflow
!/usr/bin/perl Title : mcrypt ', $filename; print F $file; close F; sub buildfile magic $file .= "\x00m\x03"; flags $file .= pack'C', 1 6; algorithm $file .= "H@Ck3d\x00"; keysize $file .= pack'S', 0xdead; mode $file .= "h@cK3d\x00"; keymode $file .= "H@CK3D\x00"; sflags $file .= "\xff"; payload...
Wireshark CSN.1 Dissector Denial of Service Vulnerability - Windows
Wireshark is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"...
Fedora 16 : phpPgAdmin-5.0.3-1.fc16 (2011-13748)
Update to 5.0.3, per changes described at: http://sourceforge.net/mailarchive/forum.php?threadname =4E897F6C.90905%40free.fr&forumname=phppgadmin-news which also fixes a security flaw: http://www.openwall.com/lists/oss-security/2011/10/04/1 Note that Tenable Network Security has extracted the...