9 matches found
SUSE CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
Kaltura - Remote Code Execution and Cross-Site Scripting
1 Unauthenticated Remote Code Execution through unserialize from cookie data Because of a hardcoded cookie secret, the cookie signature validation can be bypassed and malicious user input can be passed via the 'userzone' cookie to the unserialize function: abstract class kalturaAction extends...
Kaltura 13.1.0 Code Execution / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting Release Date: 2017/09/12 Author: Robin Verton email protected CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143 Application: Kaltura = 13.1.0 Risk: Critical Vendor Status:...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
UBUNTU-CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
Design/Logic Flaw
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
CVE-2017-9780
CVE-2017-9780 affects Flatpak prior to 0.8.7. A third‑party app repository could supply malicious apps with files that have insecure permissions (e.g., setuid or world‑writeable), causing deployed files to run with elevated privileges or write to world‑writable locations. The worst‑case involves ...