Lucene search

9569 matches found

NVD
added 2015/03/18 4:59 p.m. | 21 views

CVE-2015-2152

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support,...

CVSS 1.9 | AI score 8.3 | EPSS 0.00076
Exploits: 0 | References: 9
OSV
added 2015/03/18 4:59 p.m. | 5 views

CVE-2015-2152

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support,...

AI score 8.9
Exploits: 0 | References: 10
Prion
added 2015/03/18 4:59 p.m. | 25 views

Default credentials

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support,...

CVSS 1.9 | AI score 6.5 | EPSS 0.00076
Exploits: 0 | References: 9 | Affected Software: 2
Debian CVE
added 2015/03/18 4:0 p.m. | 22 views

CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

CVSS 4.4 | AI score 6.2 | EPSS 0.0011
Exploits: 0
Tenable Nessus
added 2015/03/17 12:0 a.m. | 57 views

Ubuntu 14.04 LTS : Sudo vulnerability (USN-2533-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2533-1 advisory. Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue ...

CVSS 3.3 | AI score 5.9 | EPSS 0.0041
Exploits: 1 | References: 2
OSV
added 2015/03/16 1:6 p.m. | 2 views

USN-2533-1 sudo vulnerability

Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions...

CVSS 3.3 | AI score 6.2 | EPSS 0.0041
Exploits: 1 | References: 2
securityvulns
added 2015/03/08 12:0 a.m. | 53 views

[SECURITY] [DSA 3167-1] sudo security update

Debian Security Advisory DSA-3167-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq ...

CVSS 2.1 | AI score 0.6 | EPSS 0.0041
Exploits: 1
Exploit DB
added 2015/03/06 12:0 a.m. | 25 views

PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection

CWH Underground Hacking Team. Exploit Title : Betster PHP Betoffice Authentication Bypass and...

AI score 7.4
Exploits: 0
seebug.org
added 2015/03/05 12:0 a.m. | 29 views

Jiayuan Talent System SQL injection #4

Brief description: Requesting 20 rank. Detailed description: See \frcms\wap\index.php $rid='';$title='我的求职简历';$chinese=$cnstatus=$visitnum=$personinfo=1; $member=$login;$adddate=dtime$frtime,6;$flag=$regpArray4==1?0:1; $rsqls=$rsqlss=''; foreach$rsqlstr as $v $v=strreplace'r','',$v; ifisset$$v $rsqls.="r$v,"; $rsqlss.="'".cleartags$$v."',...

AI score 7.1
Exploits: 0
Fedora
added 2015/02/28 10:24 a.m. | 20 views

[SECURITY] Fedora 21 Update: vorbis-tools-1.4.0-19.fc21

Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor...

CVSS 5 | AI score 3.6 | EPSS 0.01165
Exploits: 2
Debian
added 2015/02/27 8:8 p.m. | 27 views

[SECURITY] [DLA 160-1] sudo security update

Package : sudo Version : 1.7.4p4-2.squeeze.5 CVE ID : CVE-2014-0106 CVE-2014-9680 Debian Bug : 772707 This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the env_reset option is disabled in the sudoers file, the env_delete option is not correctly applied to...

CVSS 6.6 | AI score 6.2 | EPSS 0.0041
Exploits: 3
Tenable Nessus
added 2015/02/24 12:0 a.m. | 23 views

Fedora 20 : sudo-1.8.12-1.fc20 (2015-2247)

update to 1.8.12 - fixes CVE-2014-9680 Update to 1.8.11p2 Major upstream changes & fixes : - when running a command in the background, sudo will now forward SIGINFO to the command - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - SELinux role changes are now audited...

CVSS 3.3 | AI score 5.5 | EPSS 0.0041
Exploits: 1 | References: 3
Tenable Nessus
added 2015/02/23 12:0 a.m. | 22 views

Debian DSA-3167-1 : sudo - security update

Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the...

CVSS 3.3 | AI score 5.5 | EPSS 0.0041
Exploits: 1 | References: 4
Debian
added 2015/02/22 10:16 a.m. | 25 views

[SECURITY] [DSA 3167-1] sudo security update

Debian Security Advisory DSA-3167-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq ...

CVSS 3.3 | AI score 4 | EPSS 0.0041
Exploits: 1
Debian
added 2015/02/22 10:16 a.m. | 35 views

[SECURITY] [DSA 3167-1] sudo security update

Debian Security Advisory DSA-3167-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq ...

CVSS 2.1 | AI score 0.8 | EPSS 0.0041
Exploits: 1
OSV
added 2015/02/22 12:0 a.m. | 21 views

DSA-3167-1 sudo - security update

Bulletin has no description...

CVSS 3.3 | AI score 4.1 | EPSS 0.0041
Exploits: 1
OpenVAS
added 2015/02/22 12:0 a.m. | 34 views

Debian Security Advisory DSA 3167-1 (sudo - security update)

Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user OpenVAS Vulnerability Test $Id: deb3167.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3167-1 using nvtgen 1.0 Script...

CVSS 2.1 | AI score 4.3 | EPSS 0.0041
Exploits: 1 | References: 1
Mageia
added 2015/02/19 2:43 p.m. | 29 views

Updated sudo packages fix CVE-2014-9680

Updated sudo packages fix security vulnerability: Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs ...

CVSS 3.3 | AI score 5.2 | EPSS 0.0041
Exploits: 1 | References: 3
seebug.org
added 2015/02/13 12:0 a.m. | 17 views

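tipask injection vulnerability 2

Brief description: There are no preconditions; any vulnerability that depends on gpc or global-variable conditions is not a good vulnerability. Detailed description: I came to the crowdsourced test to dig for holes, and then started reading the code white-box... (0day http://ce.wooyun.org/content/7045 function onaddcomment if isset$this-post'content' $content = htmlspecialchars$this-post'content'; $answerid = intval$this-post'answerid'; $replyauthorid = intval$this-post'replyauthor';...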

AI score 7.1
Exploits: 0
OpenVAS
added 2015/02/12 12:0 a.m. | 37 views

CentOS Update for kernel CESA-2015:0164 centos5

Check the version of kernel SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882118";...

CVSS 7.2 | AI score 6.2 | EPSS 0.00381
Exploits: 2 | References: 2