38 matches found
CVE-2026-29203
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path...
EUVD-2025-33387
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...
EUVD-2021-26499
Malware in sbrugna...
EUVD-2011-1501
Malware in sbrugna...
EUVD-2023-31289
Malicious code in bioql PyPI...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
CVE-2021-29429
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded...
MGASA-2020-0353 Updated ark packages fix security vulnerability
A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction CVE-2020-24654...
Ark: Arbitrary code execution
Background Ark is a graphical file compression/decompression utility with support for multiple formats. Description A maliciously crafted archive with “../” in the file paths could install files anywhere in the user’s home directory upon extraction. Impact A remote attacker could entice a user to...
ark -- directory traversal
KDE Project Security Advisory reports: KDE Project Security Advisory Title: Ark: maliciously crafted archive can install files outside the extraction directory. Risk Rating: Important CVE: CVE-2020-16116 Versions: ark Date: 30 July 2020 Overview A maliciously crafted archive with "../" in the fil...
CVE-2012-5644
libuser has information disclosure when moving user's home directory...
Linux PAM 0.6.9 Authentication Replay Vulnerability
Exploit for linux platform in category local exploits Multiple Vulnerabilities in pampkcs11 ====================================== Overview - -------- Confirmed Affected Versions: 0.6.9 Confirmed Patched Versions: - Vendor: Unmaintained Vendor URL: https://github.com/OpenSC/pampkcs11 Credit: X41...
CVE-2014-7272
Simple Desktop Display Manager SDDM before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance exploitation requires the user to win a race condition in the...
SUSE-SU-2017:3380-1 Security update for Salt
This update for salt fixes one security issue and bugs. The following security issues have been fixed: - CVE-2017-14695: A directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. bsc1062462 -...
ProFTPD < 1.3.5e, 1.3.6 < 1.3.6rc5 Local Security Bypass Vulnerability
ProFTPD server is prone to local security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:proftpd:proftpd";...
jre7-openjdk-headless: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
jre7-openjdk: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...