3092 matches found

securityvulns
added 2011/12/12 12:0 a.m. | 193 views

Vulnerabilities in D-Link DAP 1150

Hello 3APA3A! I want to warn you about security vulnerabilities in D-Link DAP 1150 WiFi Access Point and Router. These are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities. This is my second advisory from a series of advisories about vulnerabilities in D-Lin...

AI score: 1.3
Exploits: 0

securityvulns
added 2011/12/11 12:0 a.m. | 59 views

Vulnerabilities in D-Link DSL-500T ADSL Router

Hello 3APA3A! I want to warn you about security vulnerabilities in D-Link DSL-500T ADSL Router. These are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities. This is my first advisory from a series of advisories about vulnerabilities in D-Link products...

AI score: 1.5
Exploits: 0

RedHat Linux
added 2011/12/05 7:38 p.m. | 2 views

ruby: Properly initialize the random number generator when forking new process

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

CVSS: 5 | AI score: 5.8 | EPSS: 0.02048
Exploits: 0 | References: 3

Amazon
added 2011/10/31 12:0 a.m. | 34 views

Medium: puppet

Issue Overview: Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x...

CVSS: 6.3 | AI score: 6.8 | EPSS: 0.00352
Exploits: 0

NVD
added 2011/10/27 8:55 p.m. | 12 views

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

CVSS: 6.2 | AI score: 6.3 | EPSS: 0.00338
Exploits: 0 | References: 9

OSV
added 2011/10/27 8:55 p.m. | 1 views

DEBIAN-CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

CVSS: 6.2 | AI score: 6.8 | EPSS: 0.00338
Exploits: 0 | References: 1

Prion
added 2011/10/27 8:55 p.m. | 22 views

Code injection

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

CVSS: 6.2 | AI score: 6.8 | EPSS: 0.00338
Exploits: 0 | References: 9 | Affected Software: 1

Cvelist
added 2011/10/27 8:0 p.m. | 24 views

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

AI score: 6.1 | EPSS: 0.00338
Exploits: 0 | References: 9

Debian CVE
added 2011/10/27 8:0 p.m. | 29 views

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

CVSS: 6.2 | AI score: 6.3 | EPSS: 0.00338
Exploits: 0

RubySec
added 2011/10/27 12:0 a.m. | 13 views

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

CVSS: 6.2 | AI score: 7.2 | EPSS: 0.00338
Exploits: 0 | References: 1 | Affected Software: 1

Gentoo Linux
added 2011/10/22 12:0 a.m. | 33 views

X.Org X Server: Multiple vulnerabilities

Background: The X Window System is a graphical windowing system based on a client/server model. Description: vladz reported the following vulnerabilities in the X.Org X server: The X.Org X server follows symbolic links when trying to access the lock file for a X display, showing a predictable...

CVSS: 1.9 | AI score: 6.5 | EPSS: 0.00605
Exploits: 5

OpenVAS
added 2011/10/14 12:0 a.m. | 62 views

Ubuntu Update for linux USN-1227-1

Ubuntu Update for Linux kernel vulnerabilities USN-1227-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12271.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux USN-1227-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS: 10 | AI score: 0.7 | EPSS: 0.05573
Exploits: 8 | References: 2

OpenVAS
added 2011/10/10 12:0 a.m. | 43 views

Ubuntu Update for linux USN-1225-1

Ubuntu Update for Linux kernel vulnerabilities USN-1225-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12251.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux USN-1225-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS: 10 | AI score: 0.4 | EPSS: 0.05573
Exploits: 3 | References: 2

OpenVAS
added 2011/10/04 12:0 a.m. | 31 views

Ubuntu Update for puppet USN-1223-1

Ubuntu Update for Linux kernel vulnerabilities USN-1223-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12231.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for puppet USN-1223-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS: 6.3 | AI score: 0.2 | EPSS: 0.00352
Exploits: 0 | References: 2

Tenable Nessus
added 2011/10/03 12:0 a.m. | 34 views

Ubuntu 10.04 LTS / 10.10 / 11.04 : puppet vulnerabilities (USN-1223-1)

It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. CVE-2011-3869 Ricky Zhou discovered that Puppet did not drop privileges when creating SSH...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00352
Exploits: 0 | References: 4

UbuntuCve
added 2011/10/01 12:0 a.m. | 33 views

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

CVSS: 6.2 | AI score: 6 | EPSS: 0.00338
Exploits: 0 | References: 2

Tenable Nessus
added 2011/09/22 12:0 a.m. | 65 views

Ubuntu 11.04 : linux vulnerabilities (USN-1211-1)

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.08793
Exploits: 8 | References: 10

Prion
added 2011/09/20 10:55 a.m. | 14 views

Cross site request forgery (csrf)

JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.01491
Exploits: 0 | References: 6 | Affected Software: 1

OpenVAS
added 2011/08/29 12:0 a.m. | 29 views

Ruby Random Number Generation Local Denial Of Service Vulnerability

This host is installed with Ruby and is prone to local denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodrubyrandomnumbergenerationdosvuln.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby Random Number Generation Local Denial Of Service Vulnerability Authors: Sooraj KS Copyrigh...

CVSS: 5 | AI score: 6.1 | EPSS: 0.02582
Exploits: 1 | References: 3

OpenVAS
added 2011/08/29 12:0 a.m. | 25 views

Ruby Random Number Values Information Disclosure Vulnerability (Jul 2011)

Ruby is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby";...

CVSS: 5 | AI score: 6.1 | EPSS: 0.01966
Exploits: 0 | References: 4