123 matches found
EMC Isilon OneFS Privilege Vulnerability
EMC Isilon OneFS is a distributed file system that supports EMC Isilon Horizontally Scalable Storage System from EMC Corporation. The system combines the three layers of a traditional storage architecture file system, volume manager and data protection into a single unified software layer to crea...
Circle with Disney Command Injection Vulnerability (CNVD-2017-33185)
Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A command injection vulnerability exists in Circle with Disney. An attacker could exploit this vulnerability by intercepting and alterin...
[SECURITY] Fedora 25 Update: libtool-2.4.6-14.fc25
GNU Libtool is a set of shell scripts which automatically configure UNIX and UNIX-like systems to generically build shared libraries. Libtool provides a consistent, portable interface which simplifies the process of using shared libraries. If you are developing programs which will use shared...
Huawei OceanStor UDS Code Injection Vulnerability
Huawei OceanStor UDS is a high-density storage node and distributed storage system based on ARM architecture from Huawei, China. A security vulnerability exists in Huawei OceanStor UDS V100R002C01SPC101 and earlier versions. A remote attacker can exploit the vulnerability by injecting SHELL scrip...
Finecms SQL Injection Vulnerability
FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. A SQL injection vulnerability exists in Finecms 5.0.8 and earlier versions, due to the program failing to effectively filter user input parameters. Allows attackers to exploit the vulnerability by writi...
CVE-2015-2252
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts...
Code injection
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts...
CVE-2015-2252
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts...
BullIBM AIX ClusterwatchWatchware - Multiple Vulnerabilities
BullIBM AIX ClusterwatchWatchware - Multiple Vulnerabilities Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries...
[SECURITY] Fedora 25 Update: ed-1.14.1-1.fc25
Ed is a line-oriented text editor, used to create, display, and modify text files both interactively and via shell scripts. For most purposes, ed has been replaced in normal usage by full-screen editors emacs and vi, for example. Ed was the original UNIX editor, and may be used by some programs. ...
WinREST Remote Privilege Escalation
So a year back I was massively scanning internet. This case ISPs IPs blocks where you can find easily at RIPE for example. Then I found some interesting hosts where SMB were open and the ACL is totally open to root file system with the same netbios name. All file system is writable. I was able to...
GLSA-201511-01 : MirBSD Korn Shell: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201511-01 MirBSD Korn Shell: Arbitrary code execution Improper sanitation of environment import allows for appending of values to passed parameters. Impact : An attacker who already had access to the environment could so append...
Security Advisory - Multiple Injection Vulnerabilities in UDS
The OceanStor UDS has some vulnerability: Attacker injects JavaScript into patch. After the patch is loaded through the OceanStor DeviceManager, the returned content contains the injected script. After the script is parsed and executed on the OceanStor DeviceManager, information leak occurs...
Setuid Tunnelblick Privilege Escalation
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...
PHP-Nuke Book Catalog Module 1.0 'upload.php' Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19890/info The Book Catalog module for PHP-Nuke is prone to a vulnerability that lets attackers upload arbitrary files. Exploiting this issue may allow an attacker to compromise the application and the underlying system;...
IBM AIX 5.3 GetShell and GetCommand Partial File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16103/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This vulnerability may let the attacker gain unauthorized read access to shell scripts on the computer. -bash-3.00$ ls -l /tmp/k.sh -rwx----...
SUSE-SU-2015:1337-1 Security update for tomcat6
This update of tomcat6 fixes: apache-tomcat-CVE-2012-3544.patch bnc831119 use chown --no-dereference to prevent symlink attacks on log bnc822177c7/prevents CVE-2013-1976 Fix tomcat init scripts generating malformed classpath http://youtrack.jetbrains.com/issue/JT-18545 bnc804992 patch from m407 f...
[SECURITY] Fedora 17 Update: kde-baseapps-4.10.5-1.fc17
Core applications for KDE 4, including: dolphin : File manager kdepasswd : Changes a UNIX password. kdialog : Nice dialog boxes from shell scripts keditbookmarks : Bookmark oranizer and editor kfind : File find utility kfmclient : Tool for opening URLs from the command line konqueror : Web browse...
[SECURITY] Fedora 19 Update: python-bugzilla-0.9.0-1.fc19
python-bugzilla is a python library for interacting with bugzilla instances over XML-RPC. This package also includes the 'bugzilla' command-line tool for interacting with bugzilla from shell scripts...
Solaris 10 Patch Cluster File Clobber
Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp. File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file...