2198 matches found
CVE-2017-5655
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host...
Mailcow 0.14 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ============= mailcow.email mailcow.github.io Product: =========== The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and...
Mailcow 0.14 - Cross-Site Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAILCOW-v0.14-CSRF-PASSWORD-RESET-ADD-ADMIN.txt + ISR: ApparitionSec Vendor: ============= mailcow.email mailcow.github.io Product: =========== The integrated mailcow UI...
SSH Combined Host Command Logging (Plugin Debugging)
If plugin debugging is enabled, this plugin writes the SSH commands run on the host to a combined log file in a machine readable format. This log file resides on the scanner host itself. TRUSTED...
Escalation Of Privileges
github.com/docker/docker is vulnerable to escalation of privileges. It uses world-readable and world-writable permissions on the management socket which allows local users to gain privileges...
Insecure Defaults
sosreport is vulnerable to insecure defaults. The library creates temporary archive files with world-readable permissions, allowing a malicious user to extract these files and read their contents. This vulnerability exists due to a regression in the default behavior of sosreport...
Information Disclosure
github.com/google/codesearch is vulnerable to information disclosure. The csearchindex file is world-readable by default, allowing a malicious user to get information about files they can't otherwise read...
Information Disclosure
github.com/lxc/lxd is vulnerable to information disclosure. This is because it does not correctly set the permissions when switching an unprivileged container into privileged mode. This allows local users to access world readable paths in the container directory...
Information Disclosure
github.com/lxc/lxd is vulnerable to information disclosure. This is because it uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a ZFS pool. Using this flaw, local users can read and copy data from arbitrary containers...
Information disclosure
Samsung Android devices with L5.0/5.1, M6.0, and N7.x software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290...
CVE-2017-7978
Samsung Android devices with L5.0/5.1, M6.0, and N7.x software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290...
The power of Wallarm search engine
In this article I would like to show and explain my personal use cases of the Wallarm search engine. The cool thing about it is human readable search with intuitive commands. Just look at this search command before we start: attacks incidents vulns today RCE 502 For a security engineer looking at...
Information Disclosure
Fabric is vulnerable to information disclosure. When uploading templates using the uploadtemplate function, if the intended destination is invalid, the file ends up world-readable in the home folder...
Plaintext Credentials Logged
presto-main logs plaintext database credentials on startup. It loads the credentials stored in a properties file and logs them to a world-readable file, server.log...
glusterfs: glusterfs-server %pretrans rpm script temporary file issue
It was found that the glusterfs-server RPM package would write a file with a predictable name into the world-readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package...
puppet-swift: installs config file with world readable permissions
An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions...
[SECURITY] Fedora 24 Update: diffoscope-77-1.fc24
diffoscope will try to get to the bottom of what makes files or directories different. It will recursively unpack archives of many kinds and transform various binary formats into more human readable form to compare them. It can compare two tarballs, ISO images, or PDF just as easily. The...