Page 2 of 7 results (0.007 seconds)

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories. Vulnerabilidad de ruta de búsqueda no confiable en python-paste-script (también conocido como paster) en Luci 0.26.0, cuando se comienza a usar el initscript, permite a usuarios locales obtener privilegios a través de un caballo de troya en el archivo .egg-info en el (1) directorio de trabajo actual o (2) sus directorios padres. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. • http://rhn.redhat.com/errata/RHSA-2013-1603.html https://bugzilla.redhat.com/show_bug.cgi?id=990321 https://access.redhat.com/security/cve/CVE-2013-4482 •

CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. La configuración por defecto de Luci v0.22.4 y anteriores en Red Hat Conga utiliza "[INSERT SECRET HERE]" como su clave secreta para las cookies, lo que facilita a los atacantes remotos el saltarse la autenticación a través de una cookie repoze.who falsificada. • http://git.fedorahosted.org/git/?p=luci.git%3Ba=commit%3Bh=9e0bbf0c5faa198379d945474f7d55da5031cacf http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050244.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050246.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050309.html http://osvdb.org/69015 http://secunia.com/advisories/42113 http://secunia.com/advisories/42123 http://www.securityfocus.com/bid/44611 http://www.vupen.com/e • CWE-287: Improper Authentication •