114 matches found
Unspecified Vulnerability in Manjaro Linux
Manjaro Linux is a set of Linux distributions for the Arch operating system. A security vulnerability exists in the manjaro-update-system.sh file in the manjaro-system 20180716-1 release of Manjaro Linux. A local attacker can exploit this vulnerability to install or remove arbitrary packets or...
CVE-2018-15912
An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital...
CVE-2018-11221
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/updatemanager.ajax in the update system...
Unrestricted file upload
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/updatemanager.ajax in the update system...
CVE-2018-11221
Pandora FMS up to version 7.23 is affected by CVE-2018-11221: an unauthenticated, untrusted file upload via include/ajax/update_manager.ajax in the update system allows an attacker to upload an arbitrary plugin.
Medium: PackageKit
Issue Overview: Authentication bypass allows to install signed packages without administrator privileges An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install...
Medium: postgresql93, postgresql94, postgresql95
Issue Overview: Selectivity estimators bypass SELECT privilege checks It was found that some selectivity estimation functions did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some...
Important: python-crypto
Issue Overview: A heap-buffer overflow vulnerability was discovered in cryptopp. This vulnerability can be used to remotely gain access to shell. Affected Packages: python-crypto Issue Correction: Run yum update python-crypto or yum update --advisory ALAS-2017-801 to update your system.Run yum...
Fedora 25 : 1:xrdp (2017-8fffbae8af)
WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already...
Medium: php56
Issue Overview: The following security-related issues were resolved: Out-of-bounds read in imagescale CVE-2013-7456 Integer underflow causing arbitrary null write in fread/gzread CVE-2016-5096 Integer overflow in phphtmlentities CVE-2016-5094 Integer overflow in phpfilterfullspecialchars...
Low: perl-IPTables-Parse
Issue Overview: A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. Affected Packages:...
PHPOK最新版CSRF 永久GETSHELL
简要描述: PHPOK CSRF 永久GETSHELL 详细说明: PHPOK 最新版中,在线升级系统配置 可以被CSRF恶意串改。导致更新程序指向黑客的网站。 查看源码不难逆向出XML的构造格式。 \phpok\framework\admin\updatecontrol.php //在线升级 function mainf if!$this-popedom'update' error'您没有在线升级权限',$this-url'update','error'; $info = $this-service4; $rs = $this-lib'json'-decode$info;...
Low: gpgme
Issue Overview: Multiple heap-based buffer overflows in the statushandler function in 1 engine-gpgsm.c and 2 engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to "different line lengths in a...
Firefox 21 Update Patches 8 Vulnerabilities, 3 Critical
Mozilla fixed eight vulnerabilities, three critical, in the 21st build of its flagship Firefox browser yesterday. One of the fixes remedies an Address Sanitizer memory corruption flaw MFSA 2013-48 that could’ve allowed remote code execution. The other two critical flaws could’ve also led to...
FreeBSD Ports: rt40
The remote host is missing an update to the system as announced in the referenced advisory. VID 4b738d54-2427-11e2-9817-c8600054b392 OpenVAS Vulnerability Test $ Description: Auto generated from VID 4b738d54-2427-11e2-9817-c8600054b392 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
AIX 530012 : U841209
The remote host is missing AIX PTF U841209 which is related to the security of the package devices.iscsisw.rte You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...
FreeBSD Ports: firefox
The remote host is missing an update to the system as announced in the referenced advisory. VID b2f09169-55af-11e0-9d6f-000f20797ede OpenVAS Vulnerability Test $ Description: Auto generated from VID b2f09169-55af-11e0-9d6f-000f20797ede Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
FreeBSD Ports: php5
The remote host is missing an update to the system as announced in the referenced advisory. VID b2a6fc0e-070f-11e0-a6e9-00215c6a37bb OpenVAS Vulnerability Test $ Description: Auto generated from VID b2a6fc0e-070f-11e0-a6e9-00215c6a37bb Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
FreeBSD Ports: vim6, vim6+ruby
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
AIX 530011 : U837721
The remote host is missing AIX PTF U837721 which is related to the security of the package devices.common.IBM.ide.rte You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...