CVE-2015-6473
Affected products: WAGO IO 750-849 (firmware 01.01.27) and WAGO IO 750-881 (firmware 01.02.05). Root cause: absence of privilege separation in these devices. Impact: allows escalation of privileges or unauthorized access affecting confidentiality, integrity, and availability as indicated by CVSS3...
CVE-2015-6473
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation...
EulerOS 2.0 SP1 : openssh (EulerOS-SA-2017-1138)
According to the version of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is...
Moderate: Red Hat Security Advisory: openssh security, bug fix, and enhancement update
An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
BSA-2017-273
Security Advisory ID: BSA-2017-273. Component: sshd in OpenSSH. Revision: 3.1. sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. Affected...
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_system.cgi Remote Code Execution
#!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerysystemrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0(root)...
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_system.cgi Remote Code Execution Exploit
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query_system.cgi remote code execution vulnerability. #!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerysystemrce mrm...
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dlp.cgi Remote Code Execution
#!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogquerydlprce mrme$ ./poc.py 172.16.175.123 admin + logged in... + starting backdoor, this will take a few secs... + calling backdoor! id uid=0(root) gid=0(root)...
Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query.cgi Remote Code Execution Exploit
Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a log_query.cgi remote code execution vulnerability. #!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoverylogqueryrce mrme$ ./poc.py...
Trend Micro Threat Discovery Appliance 2.6.1062r1 upload.cgi Remote Code Execution
#!/usr/local/bin/python """ Trend Micro Threat Discovery Appliance + eg: ./poc.py 172.16.175.123 admin123 saturn:trendmicrothreatdiscoveryuploadrce mrme$ ./poc.py 172.16.175.123 admin123 + logged in... + popping shell, type 'exit' to exit. $ id uid=0(root) gid=0(root) $ uname -a Linux localhost 2.6.24...
Design/Logic Flaw
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details a...
CVE-2015-8994
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details a...
DEBIAN-CVE-2016-8659
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...
openSUSE Security Update : openssh (openSUSE-2017-184)
This update for openssh fixes several issues. These security issues were fixed: - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests (bsc#1005480). - CVE-2016-10012: The shared memo...
FreeBSD : FreeBSD -- OpenSSH multiple vulnerabilities (2c948527-d823-11e6-9171-14dae9d210b8)
The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009] When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileg...
FreeBSD -- OpenSSH multiple vulnerabilities
Problem Description: The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009] When privilege separation is disabled, forwarded Unix domain sockets would be created by...
FreeBSD-SA-17:01.openssh
FreeBSD-SA-17:01.openssh Security Advisory, The FreeBSD Project. Topic: OpenSSH multiple vulnerabilities. Category: contrib. Module: OpenSSH. Announced: 2017-01-11. Affects: All...
DEBIAN-CVE-2016-10010
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...
CVE-2016-10012
The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...
DEBIAN-CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...