CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2013-0348
https://notcve.org/view.php?id=CVE-2013-0348
13 Dec 2013 — thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. thttpd.c en sthttpd antes de 2.26.4-r2 y httpd 2.25b usa permisos de lectura universales para / var / log / thttpd.log, lo que permite a usuarios locales obtener información sensible mediante la lectura del archivo. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 71EXPL: 0CVE-2013-2031 – Debian Security Advisory 2891-3
https://notcve.org/view.php?id=CVE-2013-2031
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5, permite a atacantes remotos realizar ataques cross-site scripting (XSS), como demostrado por una sección CDATA conteniendo secuencias válidas codificadas con UTF-7 en un ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2013-2032 – Gentoo Linux Security Advisory 201310-21
https://notcve.org/view.php?id=CVE-2013-2032
28 Oct 2013 — MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. MediaWiki anteriores a 1.19.6, y 1.20.x anteriores a 1.20.5 no permite a las extensiones prevenir cambios en las contraseñas sin usar Special:PasswordReset y Special:ChangePassword, lo cual permite a atacantes remoto... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 27%CPEs: 27EXPL: 1CVE-2010-1159 – Aircrack-NG Tools svn r1675 - Remote Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1159
07 Oct 2013 — Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet. Múltiples desbordamientos de buffer basados en memoria dinámica en Aircrack-ng anteriores a 1.1 permiten a atacantes remotos causar denegación de servicio (caída) y ejecutar código arbitrario a través de (1) un valor grande en un paquete EAPOL o (2) un paquete EAPOL grande. A buffer over... • https://www.exploit-db.com/exploits/12217 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 39EXPL: 0CVE-2012-4893 – Mandriva Linux Security Advisory 2014-062
https://notcve.org/view.php?id=CVE-2012-4893
11 Sep 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en file/show.cgi en Webmin v1.590 y anteriores, permite a atacantes remotos secuestrar la autenticación de usaurios privilegiados pa... • http://americaninfosec.com/research/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.0EPSS: 1%CPEs: 39EXPL: 0CVE-2012-2981 – Mandriva Linux Security Advisory 2014-062
https://notcve.org/view.php?id=CVE-2012-2981
11 Sep 2012 — Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar cualquier código Perl de su elección a través de un archivo (creado para tal fin) asociado con el parámetro 'type'(también conocido como 'monitor type name'). Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620.... • http://americaninfosec.com/research/index.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 79%CPEs: 39EXPL: 19CVE-2012-2982 – Webmin 1.580 - '/file/show.cgi' Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-2982
11 Sep 2012 — file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character. file/show.cgi en Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar código arbitrario a través de un carácter no válido en un nombre de ruta, como se demostró con | (pipe). Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680... • https://www.exploit-db.com/exploits/21851 •
CVSS: 7.5EPSS: 50%CPEs: 39EXPL: 2CVE-2012-2983 – Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2012-2983
11 Sep 2012 — file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. file/edit_html.cgi en Webmin v1.590 y anteriores no realiza una comprobación de autorización antes de mostrar el contenido de un archivo sin editar, lo que permite a atacantes remotos leer archivos de su elección a través del campo de archivo. Multiple XSS, CSRF, and arbitrary code execution vulnerabilities... • https://packetstorm.news/files/id/180804 • CWE-287: Improper Authentication •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2011-1098 – logrotate: TOCTOU race condition by creation of new files (between opening the file and moment, final permissions have been applied) [information disclosure]
https://notcve.org/view.php?id=CVE-2011-1098
30 Mar 2011 — Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. Condición de carrera en la función createOutputFile en logrotate.c en logrotate v3.7.9 y anteriores permite a usuarios locales leer los datos de registro mediante la apertura de un archivo antes de que los permisos previstos este activos. • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2011-1154 – logrotate: Shell command injection by using the shred configuration directive
https://notcve.org/view.php?id=CVE-2011-1154
30 Mar 2011 — The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. La función shred_file en logrotate.c en logrotate v3.7.9 y anteriores puede permitir a atacantes dependiendo del contexto, ejecutar comandos vía metacaracteres de la shell en un fichero de registro, como lo demue... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057845.html • CWE-20: Improper Input Validation •