USN-2533-1 sudo vulnerability

Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions...

[SECURITY] [DSA 3167-1] sudo security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3167-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq -...

PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection

?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : Betster PHP Betoffice Authentication Bypass and...

嘉缘人才系统sql注入#4

简要描述： 求20rank 详细说明： 看到\frcms\wap\index.php $rid='';$title='我的求职简历';$chinese=$cnstatus=$visitnum=$personinfo=1; $member=$login;$adddate=dtime$frtime,6;$flag=$regpArray4==1?0:1; $rsqls=$rsqlss=''; foreach$rsqlstr as $v $v=strreplace'r','',$v; ifisset$$v $rsqls.="r$v,"; $rsqlss.="'".cleartags$$v."',...

[SECURITY] Fedora 21 Update: vorbis-tools-1.4.0-19.fc21

Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor...

[SECURITY] [DLA 160-1] sudo security update

Package : sudo Version : 1.7.4p4-2.squeeze.5 CVE ID : CVE-2014-0106 CVE-2014-9680 Debian Bug : 772707 This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the envreset option is disabled in the sudoers file, the envdelete option is not correctly applied to...

Fedora 20 : sudo-1.8.12-1.fc20 (2015-2247)

update to 1.8.12 - fixes CVE-2014-9680 Update to 1.8.11p2 Major upstream changes & fixes : - when running a command in the background, sudo will now forward SIGINFO to the command - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - SELinux role changes are now audited...

Debian DSA-3167-1 : sudo - security update

Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the...

[SECURITY] [DSA 3167-1] sudo security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3167-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq -...

[SECURITY] [DSA 3167-1] sudo security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3167-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq -...

DSA-3167-1 sudo - security update

Bulletin has no description...

Debian Security Advisory DSA 3167-1 (sudo - security update)

Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user OpenVAS Vulnerability Test $Id: deb3167.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3167-1 using nvtgen 1.0 Script...

Updated sudo packages fix CVE-2014-9680

Updated sudo packages fix security vulnerability: Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs ...

tipask注入漏洞2

简要描述： 没有啥条件限制，如果说要gpc 、 全局变量条件限制的都不是好漏洞。 详细说明： 众测来打洞，然后白盒代码就读起来了。。。（0day http://ce.wooyun.org/content/7045 function onaddcomment if isset$this-post'content' $content = htmlspecialchars$this-post'content'; $answerid = intval$this-post'answerid'; $replyauthorid = intval$this-post'replyauthor';...

CentOS Update for kernel CESA-2015:0164 centos5

Check the version of kernel SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882118";...

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

IBM-AIX-3.2.5-IFS

Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system or popen can be fooled into running user provided programs...

WordPress Plugin Survey and Poll 1.1 - Blind SQL Injection

Exploit Title : Wordpress Survey and poll Blind SQL Injection Data : 2015 – 02 - 11 Exploit Author : Securely Yoo Hee man Plugin : WordPress Survey and Poll Vender Homepage : http://modalsurvey.sympies.com Tested On : Windows XP / sqlmapv1.0 Software Link :...

RedHat Update for kernel RHSA-2015:0164-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ThinkSNS任意代码执行漏洞

简要描述： 代码执行漏洞 详细说明： 漏洞文件： /addons/widget/FeedListWidget/FeedlistWidget.class.php 漏洞函数： getData getData函数位于/addons/widget/FeedListWidget/FeedlistWidget.class.php 在第262行处调用renderFile函数进行渲染模版。 private function getData$var, $tpl = 'FeedList.html' $var'feedkey' = t$var'feedkey'; $var'cancomment' =...