268 matches found
CVE-2016-9097
The Symantec Advanced Secure Gateway ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only acce...
UBUNTU-CVE-2017-5456
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
DEBIAN-CVE-2016-9864
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and ...
Android system_server Code Loading Bypass Vulnerability
Exploit for Android platform in category local exploits Android: Code loading bypasses in systemserver As of Android Nougat, a new set of SELinux rules have been added which are designed to prevent systemserver from loading arbitrary code into its address-space. This has been enforced by adding t...
CVE-2016-9639
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching...
Phoenix Contact ILC Security Bypass Vulnerability
Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. A security bypass vulnerability exists in the Phoenix Contact ILC PLCs, which can be exploited by an unauthenticated attacker to access read and write PLC...
Updated qemu packages fix security vulnerabilities
Updated qemu packages fix security vulnerabilities: An out-of-bounds flaw was found in the QEMU emulator built using 'addressspacetranslate' to map an address to a MemoryRegionSection. The flaw could occur while doing pcidmaread/write calls, resulting in an out-of-bounds read-write access error. ...
CentOS 7 : qemu-kvm (CESA-2016:0724)
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
SAMR and LSA man in the middle attacks possible
The Security Account Manager Remote Protocol MS-SAMR and the Local Security Authority Domain Policy Remote Protocol MS-LSAD are both vulnerable to man in the middle attacks. Both are application level protocols based on the generic DCE 1.1 Remote Procedure Call DCERPC protocol. These protocols ar...
Debian Security Advisory DSA 3471-1 (qemu - security update)
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tan...
Kibana Cross-site Request Forgery CVE-2015-8131
CVE: CVE-2015-8131 Affected versions: All versions up to and including 4.1.2 and 4.2.0. The vulnerability is a cross-site request forgery CSRF or XSRF that could allow an attacker to read and write changes to the .kibana index or gain read and write access to Kibana plugin actions. Remediation: A...
[CVE-2014-7301] SGI Tempo System Database Password Exposure
SGI Tempo System Database Password Exposure Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7301 Author: John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Description It i...
SGI Tempo Database Password Disclosure
SGI Tempo System Database Password Exposure Software: SGI Tempo SGI ICE-X Supercomputers Affected Versions: Unknown CVE Reference: CVE-2014-7301 Author: John Fitzpatrick, MWR Labs Severity: Medium Risk Vendor: Silicon Graphics International Corp SGI Vendor Response: Uncooperative Description It i...
Ubuntu 11.10 : linux vulnerabilities (USN-1405-1)
Paolo Bonzini discovered a flaw in Linux's handling of the SGIO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. CVE-2011-4127 A flaw was found in the Linux kernel's ext4 file system wh...
Ubuntu: Security Advisory (USN-1388-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2009-4203 · Netmechanica · Netdecision Tftp Server
Name of the Vulnerable Software and Affected Versions: NetMechanica NetDecision TFTP Server version 4.2 Description: The issue allows remote attackers to read or modify arbitrary files via directory traversal sequences in the 1 GET or 2 PUT command. Recommendations: For NetMechanica NetDecision...
[SECURITY] Fedora 8 Update: scponly-4.6-10.fc8
scponly is an alternative 'shell' for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution priviledges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications...
[SECURITY] Fedora 7 Update: ntfs-3g-1.913-2.fc7
The ntfs-3g driver is an open source, GPL licensed, third generation Linux NTFS driver. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, changing file ownership, access right. Technically it=E2=80=99s based on and a major improvement to th...
TFTP Server TFTPDWin 0.4.2 - Directory Traversal
source: https://www.securityfocus.com/bid/23937/info TFTP Server TFTPDWIN is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to gain read/write access to privileged directories and files. TFT...
Linksys Router Default Password (HTTP)
This Linksys Router has the default password set for the web administration console. SPDX-FileCopyrightText: 2002 Digital Defense Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...