40 matches found

Tenable Nessus
added 2020/08/10 12:0 a.m. | 18 views

openSUSE Security Update : python-rtslib-fb (openSUSE-2020-1156)

This update for python-rtslib-fb fixes the following issues : - Update to version v2.1.73 bsc1173257 CVE-2020-14019 : - version 2.1.73 - savetofile: fix fd open mode - saveconfig: copy temp configfile with permissions - saveconfig: open the temp configfile with modes set - Fix 'is not' with a...

CVSS 7.8 | AI score 7.5 | EPSS 0.00339
Exploits: 0 | References: 2

OSV
added 2020/06/19 11:15 a.m. | 3 views

AZL-44778 CVE-2020-14019 affecting package python-rtslib 2.1.fb69-9

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...

CVSS 7.8 | AI score 7.2 | EPSS 0.00339
Exploits: 0 | References: 1

OSV
added 2020/06/19 11:15 a.m. | 0 views

UBUNTU-CVE-2020-14019

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...

CVSS 7.8 | AI score 7.3 | EPSS 0.00339
Exploits: 0 | References: 3

PyPA
added 2020/06/19 11:15 a.m. | 4 views

PYSEC-2020-250

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...

CVSS 7.8 | AI score 7 | EPSS 0.00339
Exploits: 0 | References: 4 | Affected Software: 1

OpenVAS
added 2020/01/23 12:0 a.m. | 59 views

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2019-2066)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 7.9 | EPSS 0.81762
Exploits: 6 | References: 2

Tenable Nessus
added 2019/09/24 12:0 a.m. | 233 views

EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-2066)

According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number o...

CVSS 9.8 | AI score 7.1 | EPSS 0.81762
Exploits: 6 | References: 8

Tenable Nessus
added 2019/05/14 12:0 a.m. | 291 views

EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1557)

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was...

CVSS 9.8 | AI score 7.2 | EPSS 0.81762
Exploits: 7 | References: 10

Tenable Nessus
added 2019/04/04 12:0 a.m. | 35 views

EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1230)

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special...

CVSS 6.5 | AI score 6.4 | EPSS 0.31068
Exploits: 4 | References: 4

CNVD
added 2017/06/27 12:0 a.m. | 2 views

E2open Device OpenWebif Plugin Arbitrary Code Execution Vulnerability

The OpenWebif plugin for E2open devices is a Web interface plugin for E2open devices from E2open, Inc. A security vulnerability exists in versions of the OpenWebif plugin for E2open devices prior to version 1.2.4, which originates from the 'saveConfig' function in...

CVSS 10 | AI score 7.8 | EPSS 0.04923
Exploits: 3 | References: 1

ATTACKERKB
added 2017/01/30 9:59 p.m. | 5 views

CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename...

CVSS 4.3 | AI score 5.5 | EPSS 0.03483
Exploits: 0 | References: 19

OSV
added 2017/01/30 9:59 p.m. | 2 views

DEBIAN-CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename...

CVSS 4.3 | AI score 7 | EPSS 0.03483
Exploits: 0 | References: 1

NVD
added 2017/01/30 9:59 p.m. | 21 views

CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename...

CVSS 4.3 | AI score 5.7 | EPSS 0.03483
Exploits: 0 | References: 17

CVE
added 2017/01/30 9:0 p.m. | 182 views

CVE-2015-7976

CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...

CVSS 4.3 | AI score 5.6 | EPSS 0.03483
Exploits: 0 | References: 17 | Affected Software: 1

Debian CVE
added 2017/01/30 9:0 p.m. | 22 views

CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename...

CVSS 4.3 | AI score 6.2 | EPSS 0.03483
Exploits: 0

OSV
added 2015/12/31 12:0 a.m. | 0 views

UBUNTU-CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename...

CVSS 4.3 | AI score 6.7 | EPSS 0.03483
Exploits: 0 | References: 5

Talos
added 2015/10/21 12:0 a.m. | 82 views

Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability

Talos Vulnerability Report TALOS-2015-0062 Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability October 21, 2015 CVE Number CVE-2015-7851 Description A potential path traversal vulnerability exists in the config file saving of ntpd on VMS. A specially crafted path could cause a...

CVSS 6.5 | AI score 7.6 | EPSS 0.03942
Exploits: 1

CNVD
added 2015/09/09 12:0 a.m. | 3 views

Bedita cross-site scripting vulnerability (CNVD-2015-05900)

BEdita is a framework for creating semantic rule-based PHP applications and content management systems developed by Chialab and ChannelWeb in Italy. A cross-site scripting vulnerability exists in Bedita 3.5.1 and earlier versions, which stems from the index.php/admin/saveConfig URI failing to...

CVSS 4.3 | AI score 6.1 | EPSS 0.03642
Exploits: 1 | References: 1

NVD
added 2015/09/04 3:59 p.m. | 12 views

CVE-2015-6809

Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfgprojectName parameter to index.php/admin/saveConfig, the (2) datastatsproviderurl parameter to index.php/areas/saveArea, or the (3) datadescription...

CVSS 4.3 | AI score 5.8 | EPSS 0.03642
Exploits: 1 | References: 3

seebug.org
added 2008/10/29 12:0 a.m. | 22 views

H2O-CMS <= 3.4 Remote Command Execution Exploit (mq = off)

No description provided by source. !/usr/bin/perl ---------------------------------------------------------- H2O-CMS = 3.4 Remote Command Execution Exploit mq = Off Discovered By StAkeRathotmaildotit Download On http://sourceforge.net/projects/h2o-cms...

AI score 7.1
Exploits: 0

myhack58
added 2006/03/08 12:0 a.m. | 18 views

ITlearner CuteCounter V1.6 background to obtain webshell

Source of information: unknown Into the Findtdinput name="RecordNum" type="text" id="RecordNum" value="1 0 0" size="4 0" maxlength="3"/tdmodify maxlength="3"maxlength="5 0"then look for form name="form1" method="post" action="? Action=SaveConfig"change to action=" For the 1 0 0 block input 1 0...

AI score 7.1
Exploits: 0