52 matches found
CVE-2016-10818
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup SEC-124...
CVE-2024-54676
CVE-2024-54676 affects Apache OpenMeetings (2.1.0 up to 8.0.0, multiple entries across feeds). The issue is deserialization of untrusted data in cluster mode due to clustering instructions not specifying OpenJPA white/blacklists. Affected users are advised to upgrade to OpenMeetings 8.0.0 and to ...
CVE-2024-24122
A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...
Exploit for CVE-2023-31497
EPScalate An elevation of privilege vulnerability in QuickHeal...
SUSE CVE-2017-12172
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provid...
[SECURITY] Fedora 35 Update: vultr-1.15.0-9.fc35
Vultr CLI is a command line tool for using the Vultr API. It allows you to create and manage your virtual machines, SSH public keys, snapshots, and startup scripts on your Vultr account. You can also use it to directly SSH into a Vultr virtual machine through the vultr ssh command...
GHSA-PQ7M-3GW7-GQ5X Execution with Unnecessary Privileges in ipython
We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another. Proof of concept User1: mkdir -m 777 /tmp/profiledefault mkdir -m 777 /tmp/profiledefault/startup echo...
CVE-2021-22651
When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a...
USN-4493-1: cryptsetup vulnerability
It was discovered that cryptsetup incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
After upgrading the OS Machine Tools, kmssetup.cmd runs twice at startup
When you create a Gold VM to import as your first OS Layer version, you need to install the OS Machine Tools, to install our startup scripts and get them set to run as startup scripts. Later, you add a version to your OS layer and want to upgrade the scripts to the ones from the latest version. S...
Security Bulletin: WebSphere Application Server shipped with Tivoli Integrated Portal (TIP) may have insecure file permissions (CVE-2017-1382)
Summary: WebSphere Application Server may have insecure file permissions after custom startup scripts are run. The custom startup script will not pull the umask from the server.xml. This may cause some log files to have different permissions than expected. Vulnerability Details: CVEID: CVE-2017-138...
Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)
Summary: WebSphere Application Server may have insecure file permissions after custom startup scripts are run. The custom startup script will not pull the umask from the server.xml. This may cause some log files to have different permissions than expected. Vulnerability Details: CVEID: CVE-2017-138...
Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy
Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers (although probably also useful for sysadmins) which sifts through the (usually very noisy) XML output from the Get-GPOReport cmdlet (part of Microsoft's Group Policy module) and identifies all the settings defined in...
postgresql: Start scripts permit database administrator to modify root-owned files
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine...
CVE-2017-1382
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153...
Adobe Creative Cloud Desktop Application 4.0.0.185 Privilege Escalation Vulnerability
Adobe Creative Cloud Desktop Application versions 4.0.0.185 and below suffer from a privilege escalation vulnerability. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt + ISR:...
Kernel.org Linux Site Compromised
Attackers have compromised a number of servers at kernel.org that house the Linux kernel source code and were able to modify a number of files and log user activity on the machines. However, it appears right now as though the Linux source code repositories were not affected by the attack. A messa...
Fedora Update for xorg-x11-xinit FEDORA-2010-13923
Check for the Version of xorg-x11-xinit. OpenVAS Vulnerability Test: Fedora Update for xorg-x11-xinit FEDORA-2010-13923. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify ...
Fedora Update for xorg-x11-xinit FEDORA-2010-13696
Check for the Version of xorg-x11-xinit. OpenVAS Vulnerability Test: Fedora Update for xorg-x11-xinit FEDORA-2010-13696. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify ...