1774 matches found

OpenVAS
added 2016/04/30 12:0 a.m. | 18 views

Debian: Security Advisory (DSA-3562-1)

The remote host is missing an update for the Debian...

10 CVSS | 6.7 AI score | 0.03116 EPSS
Exploits: 0 | References: 3
RubySec
added 2016/04/23 12:0 a.m. | 13 views

festivaltts4r Gem for Ruby Arbitrary Command Execution

festivaltts4r passes user-modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the to_speech and to_mp3 methods in the lib/festivaltts4r/festival4r.rb library...

9.8 CVSS | 6.5 AI score | 0.01006 EPSS
Exploits: 0 | References: 1
ArchLinux
added 2016/04/06 12:0 a.m. | 54 views

mercurial: arbitrary code execution

CVE-2016-3068 arbitrary code execution It was reported that in mercurial, there is similar vulnerability as CVE-2015-7545 in git. Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. Mercurial allows specifying git repositories as...

6.8 CVSS | 5.7 AI score | 0.31254 EPSS
Exploits: 0 | References: 5
NVD
added 2016/03/22 10:59 a.m. | 23 views

CVE-2016-3115

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions...

6.4 CVSS | 6.9 AI score | 0.50367 EPSS
Exploits: 13 | References: 25
UbuntuCve
added 2016/03/22 10:59 a.m. | 30 views

CVE-2016-3116

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data...

6.4 CVSS | 6.6 AI score | 0.25577 EPSS
Exploits: 12 | References: 3
Prion
added 2016/03/22 10:59 a.m. | 21 views

Crlf injection

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data...

5.5 CVSS | 6.8 AI score | 0.50367 EPSS
Exploits: 13 | References: 10 | Affected Software: 1
Prion
added 2016/03/22 10:59 a.m. | 78 views

Crlf injection

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions...

5.5 CVSS | 7.1 AI score | 0.50367 EPSS
Exploits: 13 | References: 25 | Affected Software: 2
Debian CVE
added 2016/03/22 10:0 a.m. | 33 views

CVE-2016-3116

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data...

6.4 CVSS | 6.2 AI score | 0.25577 EPSS
Exploits: 12
Cvelist
added 2016/03/22 10:0 a.m. | 23 views

CVE-2016-3116

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data...

6 AI score | 0.50367 EPSS
Exploits: 13 | References: 10
CVE
added 2016/03/22 10:0 a.m. | 235 views

CVE-2016-3116

Dropbear SSH CVE-2016-3116 is a CRLF injection vulnerability in Dropbear prior to 2016.72 that allows remote authenticated users to bypass targeted shell-command restrictions via crafted X11 forwarding data. The CNVD entry (CNVD-2016-01816) mirrors this, stating the vulnerability exists in Dropbe...

6.4 CVSS | 5.9 AI score | 0.25577 EPSS
Exploits: 12 | References: 10 | Affected Software: 1
Debian CVE
added 2016/03/22 10:0 a.m. | 36 views

CVE-2016-3115

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions...

6.4 CVSS | 7.5 AI score | 0.50367 EPSS
Exploits: 13
UbuntuCve
added 2016/03/22 12:0 a.m. | 29 views

CVE-2016-3115

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions...

6.4 CVSS | 6.9 AI score | 0.50367 EPSS
Exploits: 13 | References: 4
OpenVAS
added 2016/03/08 12:0 a.m. | 26 views

Debian Security Advisory DSA 3495-1 (xymon - security update)

Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues: CVE-2016-2054: The incorrect handling of user-supplied input in the config command can trigger a stack-based buffer overflow, resulting in denial of service via...

7.5 CVSS | 0.2 AI score | 0.67997 EPSS
Exploits: 7 | References: 1
Tenable Nessus
added 2016/03/07 12:0 a.m. | 18 views

GLSA-201603-02 : OSC: Shell command injection

The remote host is affected by the vulnerability described in GLSA-201603-02 OSC: Shell command injection A vulnerability has been discovered that may allow remote attackers to execute arbitrary commands via shell metacharacters in a service file. Impact : A remote attacker could possibly execute...

7.5 CVSS | 6.2 AI score | 0.00895 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2016/03/01 12:0 a.m. | 36 views

Debian DSA-3495-1 : xymon - security update

Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues : - CVE-2016-2054 The incorrect handling of user-supplied input in the 'config' command can trigger a stack-based buffer overflow, resulting in denial of service via...

9.8 CVSS | 7.1 AI score | 0.67997 EPSS
Exploits: 7 | References: 12
Debian
added 2016/02/29 10:15 a.m. | 33 views

[SECURITY] [DSA 3495-1] xymon security update

Debian Security Advisory DSA-3495-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 29, 2016 https://www.debian.org/security/faq -...

9.8 CVSS | 8.4 AI score | 0.67997 EPSS
Exploits: 7
Tenable Nessus
added 2016/02/10 12:0 a.m. | 26 views

FreeBSD : xymon-server -- multiple vulnerabilities (1cecd5e0-c372-11e5-96d6-14dae9d210b8)

J.C. Cleaver reports : - CVE-2016-2054: Buffer overflow in xymond handling of 'config' command - CVE-2016-2055: Access to possibly confidential files in the Xymon configuration directory - CVE-2016-2056: Shell command injection in the 'useradm' and 'chpasswd' web applications - CVE-2016-2057:...

9.8 CVSS | 6.7 AI score | 0.67997 EPSS
Exploits: 7 | References: 7
myhack58
added 2016/01/26 12:0 a.m. | 23 views

PayPal remote code execution vulnerability - vulnerability warning - the black bar safety net

In December 2015, I found a serious vulnerability in the PayPal business site manager.paypal.com; this vulnerability exists so that I can, through unsafe Java object deserialization, in the PayPal website, the server on the remote using the she...

Exploits: 0
Exploit DB
added 2016/01/21 12:0 a.m. | 58 views

NTP - Local Privilege Escalation

Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...

7.4 AI score
Exploits: 0
CNVD
added 2016/01/20 12:0 a.m. | 2 views

PHP 'ext/standard/exec.c' file integer overflow vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions in C, C++ and so on. An...

7.5 CVSS | 8.9 AI score | 0.00371 EPSS
Exploits: 1 | References: 1