CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2013-0348
https://notcve.org/view.php?id=CVE-2013-0348
13 Dec 2013 — thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. thttpd.c en sthttpd antes de 2.26.4-r2 y httpd 2.25b usa permisos de lectura universales para / var / log / thttpd.log, lo que permite a usuarios locales obtener información sensible mediante la lectura del archivo. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 71EXPL: 0CVE-2013-2031 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2013-2031
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5, permite a atacantes remotos realizar ataques cross-site scripting (XSS), como demostrado por una sección CDATA conteniendo secuencias válidas codificadas con UTF-7 en un ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2013-2032 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-2032
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5 no permite a las extensiones prevenir cambios en las contraseñas sin usar Special:PasswordReset y Special:ChangePassword, lo cual permite a atacantes remoto... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 27%CPEs: 27EXPL: 1CVE-2010-1159 – Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1159
07 Oct 2013 — Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet. Múltiples desbordamientos de buffer basados en memoria dinámica en Aircrack-ng anteriores a 1.1 permiten a atacantes remotos causar denegación de servicio (caída) y ejecutar código arbitrario a través de (1) un valor grande en un paquete EAPOL o (2) un paquete EAPOL grande. A buffer over... • https://www.exploit-db.com/exploits/12217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 39EXPL: 0CVE-2012-4893 – Mandriva Linux Security Advisory 2014-062
https://notcve.org/view.php?id=CVE-2012-4893
11 Sep 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en file/show.cgi en Webmin v1.590 y anteriores, permite a atacantes remotos secuestrar la autenticación de usaurios privilegiados pa... • http://americaninfosec.com/research/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 50%CPEs: 39EXPL: 2CVE-2012-2983 – Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2012-2983
11 Sep 2012 — file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. file/edit_html.cgi en Webmin v1.590 y anteriores no realiza una comprobación de autorización antes de mostrar el contenido de un archivo sin editar, lo que permite a atacantes remotos leer archivos de su elección a través del campo de archivo. Multiple XSS, CSRF, and arbitrary code execution vulnerabilities... • https://packetstorm.news/files/id/180804 • CWE-287: Improper Authentication •
CVSS: 8.0EPSS: 1%CPEs: 39EXPL: 0CVE-2012-2981 – Mandriva Linux Security Advisory 2014-062
https://notcve.org/view.php?id=CVE-2012-2981
11 Sep 2012 — Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar cualquier código Perl de su elección a través de un archivo (creado para tal fin) asociado con el parámetro 'type'(también conocido como 'monitor type name'). Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620.... • http://americaninfosec.com/research/index.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 82%CPEs: 39EXPL: 19CVE-2012-2982 – Webmin 1.580 - '/file/show.cgi' Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-2982
11 Sep 2012 — file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character. file/show.cgi en Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar código arbitrario a través de un carácter no válido en un nombre de ruta, como se demostró con | (pipe). Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680... • https://www.exploit-db.com/exploits/21851 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1550
https://notcve.org/view.php?id=CVE-2011-1550
30 Mar 2011 — The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. La configuración por defecto de logrotate en SUSE openSUSE Factory utiliza privilegios de administrador para procesar fich... • http://openwall.com/lists/oss-security/2011/03/04/16 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1549
https://notcve.org/view.php?id=CVE-2011-1549
30 Mar 2011 — The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. La configuración por defecto en logrotate en Gentoo Linux utiliza privilegios de administrador para procear archivos en directorios que permite a no-administradores acceso d... • http://openwall.com/lists/oss-security/2011/03/04/16 • CWE-264: Permissions, Privileges, and Access Controls •