2198 matches found

OpenVAS
added 2013/11/21 12:0 a.m. | 31 views

RedHat Update for dracut RHSA-2013:1674-02

The remote host is missing an update for the...

CVSS 2.1 | AI score 6.5 | EPSS 0.00364
Exploits: 0 | References: 2

RedHat Linux
added 2013/11/20 7:34 p.m. | 2 views

luci: short exposure of authentication secrets while generating configuration file

A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file...

CVSS 1.9 | AI score 5.7 | EPSS 0.00248
Exploits: 0 | References: 4

Tenable Nessus
added 2013/11/15 12:0 a.m. | 57 views

Samba 3.x < 3.6.20 / 4.0.x < 4.0.11 / 4.1.x < 4.1.1 Multiple Vulnerabilities

According to its banner, the version of Samba running on the remote host is 3.x prior to 3.6.20 or 4.0.x prior to 4.0.11 or 4.1.x prior to 4.1.1. It is, therefore, potentially affected by multiple vulnerabilities : - A security bypass vulnerability may exist because Samba does not properly enforc...

CVSS 4 | AI score 7.6 | EPSS 0.09017
Exploits: 0 | References: 7

OSV
added 2013/11/13 3:55 p.m. | 1 views

DEBIAN-CVE-2013-4476

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controll...

CVSS 1.2 | AI score 6.8 | EPSS 0.00435
Exploits: 0 | References: 1

0day.today
added 2013/11/01 12:0 a.m. | 23 views

ARRIS DG860A NVRAM Backup Password Disclosure

Exploit for hardware platform in category web applications #!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain...

AI score 7.1
Exploits: 0

OSV
added 2013/10/27 12:55 a.m. | 2 views

DEBIAN-CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

CVSS 7.5 | AI score 6.3 | EPSS 0.01906
Exploits: 1 | References: 1

OSV
added 2013/10/27 12:55 a.m. | 7 views

CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

AI score 5.7
Exploits: 0 | References: 5

NVD
added 2013/10/27 12:55 a.m. | 21 views

CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

CVSS 7.5 | AI score 7.2 | EPSS 0.01906
Exploits: 1 | References: 5

UbuntuCve
added 2013/10/27 12:55 a.m. | 51 views

CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

CVSS 7.5 | AI score 5.9 | EPSS 0.01906
Exploits: 1 | References: 2

Prion
added 2013/10/27 12:55 a.m. | 36 views

Default configuration

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

CVSS 7.5 | AI score 6.2 | EPSS 0.01906
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2013/10/27 12:0 a.m. | 31 views

CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

AI score 7.2 | EPSS 0.01906
Exploits: 1 | References: 5

Debian CVE
added 2013/10/27 12:0 a.m. | 91 views

CVE-2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...

CVSS 7.5 | AI score 6.8 | EPSS 0.01906
Exploits: 1

exploitpack
added 2013/10/22 12:0 a.m. | 12 views

ARRIS DG860A - NVRAM Backup Password Disclosure

ARRIS DG860A - NVRAM Backup Password Disclosure #!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text...

AI score 0.4
Exploits: 0

Exploit DB
added 2013/10/22 12:0 a.m. | 26 views

ARRIS DG860A - NVRAM Backup Password Disclosure

#!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text. box:arris-dev cosmo$ wget http://192.168.0.1/router.dat...

AI score 7
Exploits: 0

Packet Storm
added 2013/10/18 12:0 a.m. | 38 views

ARRIS DG860A NVRAM Backup Compressor / Decompressor

#!/usr/bin/env ruby ARRIS DG860A NVRAM Backup 'Compressor/Decompressor', it really does xor? Gleaned from scmix executable in firmware dump. Backup file is world readable without authentication and contains password information in plain text. box:arris-dev cosmo$ wget http://192.168.0.1/router.da...

AI score 0.7
Exploits: 0

Zero Day Initiative
added 2013/10/16 12:0 a.m. | 21 views

Hewlett-Packard Intelligent Management Center SOM sdFileDownload Servlet Information Disclosure Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sdFileDownload servlet. Authentication is not...

CVSS 7.8 | AI score 3.4 | EPSS 0.31556
Exploits: 2 | References: 1

OSV
added 2013/09/19 9:46 a.m. | 6 views

MGASA-2013-0286 Updated lightdm package fixes security vulnerability

lightdm before 1.4.3, 1.6.2 and 1.7.14 created .Xauthority files with world-readable permissions (CVE-2013-4331). Additionally, an issue where a user logged into a graphical desktop environment through lightdm would lose privileges to local devices such as the sound card when using the 'su' command...

CVSS 2.1 | AI score 6.3 | EPSS 0.00368
Exploits: 0 | References: 4

Prion
added 2013/08/19 1:7 p.m. | 15 views

Race condition

Race condition in the post-installation script mysql-server-5.5.postinst for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive...

CVSS 1.9 | AI score 6 | EPSS 0.0035
Exploits: 1 | References: 6 | Affected Software: 1

Metasploit
added 2013/07/18 2:39 p.m. | 25 views

HP Managed Printing Administration jobAcct Remote Command Execution

This module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 and prior versions. The vulnerability exists in the UploadFiles function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory travers...

CVSS 7.5 | AI score 7.4 | EPSS 0.62607
Exploits: 5

FreeBSD
added 2013/06/12 12:0 a.m. | 34 views

samba -- Private key in key.pem world readable

The Samba project reports: Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesyst...

CVSS 1.2 | AI score 5.8 | EPSS 0.00435
Exploits: 0 | References: 1