5609 matches found
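FreeBSD ftpd setusercontext() Remote Privilege Escalation Vulnerability
BUGTRAQ ID: 36119 FreeBSD is a freely available, open-source Unix-like system that runs on Intel platforms. FreeBSD and some other BSD systems provide a facility for setting the user context, such as the setusercontext function in FreeBSD: setusercontext(lc, pw, (uid_t)0, LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK); The LOGIN_SETRESOURCES setting allows the user to set resources. According to the manual page: LOGIN_SETRESOURCES...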
Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09
This host is installed with Sun Java JDK/JRE and is prone to Integer Overflow vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavajreintoverflowvulnaug09.nasl 7699 2017-11-08 12:10:34Z santu $ Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability - Aug09 Authors: Sharath S Copyright:...
Information disclosure
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions,...
Adobe Patches 'Critical' ColdFusion, JRun Flaws
Adobe’s never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms. The patches, rated critical, cover a total of 7 vulnerabilities, some of which “could lead to t...
FreeBSD Ports: bind9
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
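Discuz! account distribution plugin "2fly_gift.php" SQL injection vulnerability
2Fly gift serial number distribution system. This plugin can be used to distribute physical gifts, text items, serial numbers, accounts, promotions and many other things. It suffers from insufficient input filtering. V1.1.1 None available yet http://www.lanrengu.cn/lrbbs/2flyWorks.php...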
Telnet NTLM Credential Reflection Authentication Bypass Vulnerability (960859)
This host is missing a critical security update according to Microsoft Bulletin MS09-042. OpenVAS Vulnerability Test $Id: secpodms09-042.nasl 5363 2017-02-20 13:07:22Z cfi $ Telnet NTLM Credential Reflection Authentication Bypass Vulnerability 960859 Authors: Nikita MR Updated By: Madhuri D on...
Microsoft Security Bulletin MS09-038 - Critical Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
Microsoft Security Bulletin MS09-038 - Critical Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution 971557 Published: August 11, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Windows...
Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
Windows XP/2003 is prone to Privilege Escalation vulnerability. OpenVAS Vulnerability Test $Id: gbmswinkernelwin32ksysprivescvuln.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft Windows Kernel 'win32k.sys' Privilege Escalation Vulnerability Authors: Sharath S Copyright: Copyright c 2009 Greenbone...
typecho blog system store cross-site vulnerability&easy to get webshell-vulnerability warning-the black bar safety net
author:hiphop qq group:5 2 9 3 8 7 2 2 Please credit the source when reposting: http://hi.baidu.com/securehiphop/blog/item/f5b3627a1768bcfc0ad187f5.html Today Wake up in the morning eat Breakfast go to download a set of blogs to look at In the admin backend post post place found to the title place the title didn't do better...
Mozilla Firefox Multiple Vulnerabilities July-09 (Windows)
The host is installed with Firefox browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodfirefoxmultvulnjul09win.nasl 5055 2017-01-20 14:08:39Z teissa $ Mozilla Firefox Multiple Vulnerabilities July-09 Windows Authors: Sharath S Copyright: Copyright c 2009 SecPod...
Wyse Device Manager Buffer Overflow
Wyse Device Manager is installed on the remote system. The installed version is affected by a buffer overflow vulnerability. By sending a specially crafted request to the server, it may be possible for an unauthorized attacker to crash the server or execute arbitrary commands on the remote system...
openSUSE Security Update : flash-player (flash-player-378)
An unspecified vulnerability in flash-player allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file CVE-2008-5499. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
AIX 520010 : U827233
The remote host is missing AIX PTF U827233 which is related to the security of the package bos.rte.bindcmds You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...
Microsoft Office Web Components Spreadsheet ActiveX control vulnerability
Overview The Microsoft Office Web Components Spreadsheet ActiveX controls OWC10 and OWC11 contain a vulnerability that may allow an attacker to take control of a vulnerable system. Description The Office Web Components Spreadsheet ActiveX control contains a code execution vulnerability. Public...
FreeBSD Ports: drupal5
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
This host is missing a critical security update according to Microsoft Bulletin MS09-028. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...
AIX 530009 : U825215
The remote host is missing AIX PTF U825215 which is related to the security of the package bos.adt.prof You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...
AIX 530008 : U825115
The remote host is missing AIX PTF U825115 which is related to the security of the package bos.mp64 You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...