If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.
806d396b8f8393708196c84967f4c3db14adf4f64c443cf3f37029101e6385f9
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
d95b361ee6ef7eff86af40c8c72bf9313736ac9f7010d6604d78bf83818e976e
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
487dc69cb8c484f05b8d8dc3e425ede0af91cb3524e7e69ed6d83a675ac16e18
CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker to cause a denial of service. CA has solutions to resolve the vulnerability. The vulnerability occurs due to how a Spectrum network service handles invalid data. A remote attacker can send a request that may disrupt a Spectrum service and potentially cause further product instability.
c42461b24c68708141823de35f39bffa1179f622bd996847c2c2cea9ae1ef49a
Trovebox versions 4.0.0-rc6 and below suffer from authentication bypass, server-side request forgery, unsafe token generation, and remote SQL injection vulnerabilities.
2bd9eba90c187412520d8986e92dd1c4480228cda7bb0eec67f1460e5d7e18ac
Arastta version 1.6.2 suffers from a cross site scripting vulnerability.
ab0d5dc30e68f0810d8e6d0256a4d03a044708655b0b5bd5bdccb7bd396d5abc
Apache Hadoop versions 2.2.0 through 2.7.3 suffer from a privilege escalation vulnerability.
6c4fa5cf474021190a2bc75365dabc9d8f684355af05542da0662e0af9dc8274
Red Hat Security Advisory 2018-1275-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. Issues addressed include a privilege escalation vulnerability.
f081bfc860c9249baee3932e9dc2a576ef9e19aafaaa8da832bb76c0f0f9410d
Red Hat Security Advisory 2018-1274-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. The following packages have been upgraded to a later upstream version: python-paramiko. Issues addressed include a bypass vulnerability.
5a162a410e015621060082f9069e1f4b6660aa3afa2edab19ed988184231de74
Gentoo Linux Security Advisory 201805-3 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary code. Versions less than 66.0.3359.139 are affected.
92fabe6db808b42c994e0d07f211186b4d44ec6892a4137d4a070e8820259a62
Gentoo Linux Security Advisory 201805-2 - A buffer overflow in Python might allow remote attackers to execute arbitrary code. Versions less than 2.7.14:2.7 are affected.
6b299a610b8cc521b013f1fa00322f4750e169529954acece5d98c9ad28f03a0
Gentoo Linux Security Advisory 201805-1 - A vulnerability was discovered in hesiod which may allow remote attackers to gain root privileges. Versions less than or equal to 3.1.0 are affected.
d71e1907fc85fa9d90fdc79354a0545a3ebeb6c923240f5a0162fe5126a50ff1
Red Hat Security Advisory 2018-1278-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a bypass vulnerability.
bc4c1a7de774c5033cc7404b418e1050514213ab7f4c0f78240d803da8a857cd
Red Hat Security Advisory 2018-1264-01 - Red Hat Mobile Application Platform 4.6.0 consists of three main components: Core - development and management of apps occurs in the RHMAP Core, which can be installed either in an on-premise installation of OpenShift Container Platform 3.x. MBaaS - Application data, runtimes, and integrations are deployed to the RHMAP MBaaS installed on OpenShift Container Platform 3.x. Build Farm - deployed separately from the Core and the MBaaS, the Build Farm is shared between all instances of RHMAP. Third-party Linux, Windows, and Apple server hosting providers are used to support building client app binaries for all platforms. Issues addressed include denial of service and remote file inclusion vulnerabilities.
d0a9835c457668550027216db69532e0ea3e19e0154509a0cf6c1aa4fb7832fd
Flexense DiskSorter versions 9.5.12 through 10.7 suffer from a cross site scripting vulnerability.
2cb546d947d2f7a09cf7f9be7331d70a72a933992fc636e3229da8a416f239a5
Flexense VX Search versions 10.1.12 through 10.7 suffer from a cross site scripting vulnerability.
4c85fdf321105e43718e02bdc42a298d3580629c47db62853e09597ec9d82ecb
Flexense DupScout versions 10.0.18 through 10.7 suffer from a cross site scripting vulnerability.
951657f6ad6ac49a82b5963b4c9ecdca3cf12989b725cad31e79f7409e82bd14
Exim versions prior to 4.90.1 suffer from a base64d remote code execution vulnerability.
7ca9d4d2ad8a8f94f402c2a0986a1bcb33596bff697621e2afcde815f2f4b0d8
LibreOffice version 6.0.3 and OpenOffice version 4.1.5 suffer from a .odt information disclosure vulnerability.
8dfaa0fc230503b0a244b16cf2420d39f87af8b19b498af30d536f1a99b040c9
Debian Linux Security Advisory 4188-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
c04940bd4f6e00821a6373ebaafc1e5cd084607d9b3667203e468f8e5190068a
Flexense Disksavvy versions 10.4 through 10.7 suffer from a cross site scripting vulnerability.
6b16df74a22073fe41ea3af1efe19e833c26518f07c851e215d42bc4f5840aa2
Flexense DiskBoss versions 7.4.28 through 9.1.16 suffer from a cross site scripting vulnerability.
06530afdb4c44f4ac3c0b4515fc745c604a661b62d3a009b336669c7ff9bfefb
Debian Linux Security Advisory 4187-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
e47605adb85ececbd4ae2974c9376652991663a139c1e597e8d245b3700d48a9
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
b494f05ed9a35591f44777c8963b8773ab29cff1382fb4c5a02794038fc07ffe
Slackware Security Advisory - New libwmf packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
e36e4f72eb165ba8766f63e12181c95dca942d5b1f2756db4eedb949f09b3bc5