9571 matches found
DLA-280-1 ghostscript - security update
Bulletin has no description...
RedHat Update for sudo RHSA-2015:1409-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-1905
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors...
Moderate: Red Hat Security Advisory: sudo security, bug fix, and enhancement update
Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
sudo: unsafe handling of TZ environment variable
It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...
FreeBSD : php -- arbitrary code execution (5a1d5d74-29a0-11e5-86ff-14dae9d210b8)
cmb reports : When delayed variable substitution is enabled can be set in the Registry, for instance, !ENV! works similar to %ENV%, and the value of the environment variable ENV will be subsituted. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...
SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description: SquirrelMail is a standards-based webmail package written i...
SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite
SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description:...
Q-shell - Quick Shell for Unix Administrator
q-shell is quick shell for remote login into Unix system, it use blowfish crypt algorithm to protect transport data from client to server, you can get two program: 'qsh' for client, and 'qshd' for server, those program can rename by any name with you prefer. Compile Just enter 'make' and it will...
CVE-2015-5456
PivotX is affected by CVE-2015-5456: an XSS in the form method (modules/formclass.php) present in PivotX versions before 2.3.11. The vulnerability is triggered via PATH_INFO (related to PHP_SELF) and form actions, allowing remote injection of script/html with no authentication. NVD notes CVSSv2 b...
DedeCMS < 5.7-sp1 - Remote File Inclusion Vulnerability
Exploit for php platform in category web applications ========================== Exploit Title: Dedecms variable coverage leads to getshell Date: 26-06-2015 Vendor Homepage: http://www.dedecms.com/ Version: dedecms 5.7-sp1 and all old version CVE : CVE-2015-4553 ===========================...
CVE-2015-3202
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...
DEBIAN-CVE-2015-3202
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...
Design/Logic Flaw
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...
CVE-2015-3202
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...
DeDeCMS < 5.7-sp1 - Remote File Inclusion
========================== Exploit Title: Dedecms variable coverage leads to getshell Date: 26-06-2015 Vendor Homepage: http://www.dedecms.com/ Version: dedecms 5.7-sp1 and all old version CVE : CVE-2015-4553 =========================== CVE-2015-4553Dedecms variable coverage leads to getshell...
Endian Firewall 3.0.0 - OS Command Injection (Metasploit)
Endian Firewall 3.0.0 - OS Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerabilit...
DeDeCMS 5.7-sp1 - Remote File Inclusion
DeDeCMS 5.7-sp1 - Remote File Inclusion ========================== Exploit Title: Dedecms variable coverage leads to getshell Date: 26-06-2015 Vendor Homepage: http://www.dedecms.com/ Version: dedecms 5.7-sp1 and all old version CVE : CVE-2015-4553 =========================== CVE-2015-4553Dedecms...
Design/Logic Flaw
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers aka SystemEDGE 12....
Design/Logic Flaw
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers aka SystemEDGE 12....