107 matches found
mapr Information Disclosure
Hello, The mapr web frontend component creates an information disclosure vulnerability. During the setup of mapr the configure.sh script calls a function ConfigureWSRole: function ConfigureWSRole if $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ; then ConfigureRunUserForWS fi This...
[SECURITY] [DSA 3802-1] zabbix security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3802-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 05, 2017 https://www.debian.org/security/faq -...
Unrestricted SQL Injection Vulnerability in Frontend of iWebSNS Enterprise Social Networking Platform
iWebSNS is a set of open source SNS social networking software built on LAMP development. iWebSNS enterprise social networking platform front-end there are unlimited SQL injection vulnerabilities. As the source code servtools\menupop\translatepri.php tname, vid and tem variables failed to strictl...
MTR - A Network Diagnostic Tool
MTR combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the...
[SECURITY] [DSA 3545-1] cgit security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3545-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...
DSA-3545-1 cgit - security update
Bulletin has no description...
Ganglia Web Frontend < 3.5.1 - PHP Code Execution
Assuming that ganglia is installed on the target machine at this path:/var/www/html/ganglia/ 2. Assuming the attacker has minimal access to the target machine and can write to "/tmp". There are several methods where a remote attacker can also trigger daemons or other system processes to create...
Ganglia Web Frontend 3.5.1 - PHP Code Execution
Ganglia Web Frontend 3.5.1 - PHP Code Execution...
Ganglia Web Frontend < 3.5.1 - PHP Code Execution Exploit
Exploit for php platform in category web applications ?php / Author : Andrei Costin andrei theATsign firmware theDOTsign re Desc : CVE-2012-3448 PoC Details : This PoC will create a dummy file in the /tmp folder and will copy /etc/passwd to /tmp. To modify the attack payload, modify the code...
Ganglia Web Frontend PHP Code Execution
...
[SECURITY] [DSA 2970-1] cacti security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2970-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 29, 2014 http://www.debian.org/security/faq -...
cacti security update
Package : cacti Version : 0.8.7g-1+squeeze4 CVE ID : CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 CVE-2014-2708 CVE-2014-2709 CVE-2014-4002 Debian Bug : 742768 743565 752573 Multiple security issues cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising have been...
Debian: Security Advisory (DSA-2970-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mutiny 5 Arbitrary File Read and Delete
This module exploits the EditDocument servlet from the frontend on the Mutiny 5 appliance. The EditDocument servlet provides file operations, such as copy and delete, which are affected by a directory traversal vulnerability. Because of this, any authenticated frontend user can read and delete...
[SAMHAIN v3.0.11 & BELTANE v2.4.6] Host-based intrusion detection system (HIDS)
The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...
Ganglia Detection (HTTP)
HTTP based detection of Ganglia. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103534";...
phpDenora 1.4.6 SQL Injection
Title : phpDenora = 1.4.6 Multiple SQL Injection Vulnerabilities Author : P. de Brouwer - KnickLighter @knickz0r NLSecurity - www.nlsecurity.org [email protected] Dork : intext:"Powered by phpDenora" Software : phpDenora = 1.4.6 http://sourceforge.net/projects/phpdenora/files/phpDenora/1.4.6/...
phpDenora 1.4.6 - Multiple SQL Injections
Title : phpDenora = 1.4.6 Multiple SQL Injection Vulnerabilities Author : P. de Brouwer - KnickLighter @knickz0r NLSecurity - www.nlsecurity.org [email protected] Dork : intext:"Powered by phpDenora" Software : phpDenora = 1.4.6 http://sourceforge.net/projects/phpdenora/files/phpDenora/1.4.6/...
Citrix XenApp / XenDesktop Stack-Based Buffer Overflow
No description provided by source. n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.001 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Stack-Based Buffer...
Debian DSA-2092-1 : lxr-cvs - missing input sanitizing
Dan Rosenberg discovered that in lxr-cvs, a code-indexing tool with a web frontend, not enough sanitation of user input is performed; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...