2829 matches found
MariaDB, MySQL: Root privilege escalation
Background MySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. Description The Gentoo installation scripts before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging...
tomcat: Remote Code Execution bypass for CVE-2017-12615
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...
tomcat: Remote Code Execution bypass for CVE-2017-12615
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql...
CVE-2017-15945
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql...
CVE-2015-3248
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service disk consumption...
Design/Logic Flaw
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service disk consumption...
UBUNTU-CVE-2015-3248
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service disk consumption...
CVE-2015-3248
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service disk consumption...
CVE-2017-14428
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices have 0666 /var/run/hostapd permissions...
CVE-2017-14424
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 and REV. B with firmware through FW208WWb02 devices have 0666 /var/passwd permissions...
CVE-2017-7560
CVE-2017-7560 concerns the rhnsd daemon. Multiple connected documents reiterate that pid files are created world-writable, enabling a local attacker to fill disks or kill selected processes. This is a local-risk issue with impact on availability, as described in the sources. The provided document...
CVE-2017-7560
It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes...
CVE-2017-7560
Removed by vendor...
CVE-2014-8677
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and...
CVE-2015-1378
cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users...
CVE-2015-1378
cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users...
CVE-2017-4922
VMware vCenter Server 6.5 prior to 6.5 U1 contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical...
Information disclosure
VMware vCenter Server 6.5 prior to 6.5 U1 contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical...
CVE-2017-4922
VMware vCenter Server 6.5 prior to 6.5 U1 contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical...