CVE-2021-24167 Web-Stat < 1.4.1 - API Key Disclosure

When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...

CVE-2021-24167

CVE-2021-24167 affects WordPress Web-Stat plugins older than 1.4.1. The vulnerability stems from the wts_web_stat_load_init function, which causes the browser to request https://wts2.one/ajax.htm?action=lookup_WP_account. The request exposes the site’s wts_web_stat_uid via the pwpid parameter and...

Web-Stat 信息泄露漏洞

WordPress Web-Stat is a WordPress open source application. Takes all the content that can be detected and presents the results in clear, user-friendly charts and graphs. A security vulnerability exists in Web-Stat versions prior to 1.4.0 that stems from the wts web stat load init function using t...

Arbitrary Command Injection

Overview roar-pidusage is a Cross-platform process cpu % and memory usage of a PID — Edit Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible f...

WordPress Web-Stat plugin <= 1.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered by Ramuel Gall in WordPress Web-Stat plugin versions = 1.4. Solution Update the WordPress Web-Stat plugin to the latest available version at least 1.4.1...

Web-Stat < 1.4.1 - API Key Disclosure

When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount. This request contained sensitive information such as the site’s “wtswebstatuid” which was sent in the...

CVE-2021-26910

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation...

CVE-2021-26910

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation...

UBUNTU-CVE-2021-25683

It was discovered that the getstarttime function in data/apport did not properly parse the /proc/pid/stat file from the kernel...

openSUSE Security Update : ldb / samba (openSUSE-2020-1023)

"This update for ldb, samba fixes the following issues : Changes in samba : - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; bso14364 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

kielce.stat.gov.pl Open Redirect vulnerability

Open Bug Bounty ID: OBB-1145380 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting kielce.stat.gov.pl website and its users. Following...

CVE-2019-19835

SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/rcmdstat.jsp URI...

Linux: SSH /etc/ssh/sshd_config chown

The /etc/ssh/sshdconfig file contains configuration specifications for sshd. This should be protected from unauthorized changes by non-privileged users. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

(0Day) Linux Kernel proc stat Improper Access Control Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the logi...

NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...

USN-3968-2 sudo vulnerability

USN-3968-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some...

Ubuntu 16.04 LTS : Sudo vulnerabilities (USN-3968-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3968-1 advisory. Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use...

CVE-2019-11190

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...

DEBIAN-CVE-2019-11191

The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist because installexeccreds is called too late in loadaoutbinary in fs/binfmtaout.c, and thus the ptracemayaccess check has a race condition...

CVE-2019-11190

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...