setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin

A shell command injection flaw was found in the way the setroubleshoot allowexecstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges...

setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin

A shell command injection flaw was found in the way the setroubleshoot allowexecmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4445

A shell command injection flaw was found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4444

A shell command injection flaw was found in the way the setroubleshoot allowexecmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4446

A shell command injection flaw was found in the way the setroubleshoot allowexecstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4989

Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges...

iSQL 1.0 - Shell Command Injection

Exploit for linux platform in category local exploits !/bin/ruby Exploit Title: iSQLRL 1.0 - Shell Command Injection Date: 2016-06-13 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/roselone/iSQL Software Link:...

iSQL 1.0 Shell Command Injection

!/bin/ruby Exploit Title: iSQLRL 1.0 - Shell Command Injection Date: 2016-06-13 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/roselone/iSQL Software Link: https://github.com/roselone/iSQL/archive/master.zip Version: 1.0 Tested on: Debian wheezy CVE...

DLA-488-1 xymon - security update

Bulletin has no description...

Updated xymon packages fix security vulnerabilities

Updated xymon packages fix security vulnerabilities: The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service via application crash or remote code execution CVE-2016-2054. The incorrect handling of user-supplie...

ImageMagick vulnerability analysis and protection solution-vulnerability warning-the black bar safety net

Mail. Ru security team found several on the ImageMagick software vulnerabilities and submitted to the ImageMagick developers for repair. ImageMagick official in 2 0 1 6 year 4 month 3 0 day release a new version 6.9.3-9 repair remote code execution, but the repair is not complete, after the secon...

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection

Exploit for linux platform in category local exploits CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...

ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities

ImageMagick 7.0.1-0 6.9.3-9 - ImageTragick Multiple Vulnerabilities Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9...

ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities

Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9 released 2016-04-30...

Debian DSA-3562-1 : tardiff - security update

Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell...

Zabbix Agent 3.0.1 mysql.size Shell Command Injection

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not...

[SECURITY] [DSA 3562-1] tardiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3562-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2016 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3562-1] tardiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3562-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2016 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3562-1 (tardiff - security update)

Several vulnerabilities were discovered in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0857 Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters...