The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the HESIOD_CONFIG or HES_DOMAIN environment variable by leveraging a certain SUID/SGID binary.

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.

The SingleDocParser::HandleNode function in yaml-cpp 0.5.3 allows remote attackers to cause a denial of service via a crafted YAML file.

The host is installed with Atlassian Jira Server before 8.5.14, 8.6.0 before 8.13.6 or 8.14.0 before 8.16.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application which fails to properly handle an issue in the EditWorkflowScheme.jspa component. Successful exploitation could allow attackers to inject arbitrary HTML or JavaScript.

The host is installed with Atlassian Jira Server before 7.13.16, 8.0.0 before 8.5.7, 8.6.0 before 8.9.2 or 8.10.0 before 8.10.1 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle an issue in the Administration Permission Helper. Successful exploitation could allow remote attackers to view titles of a private project via an I ...

The host is installed with Atlassian Jira Server before 8.7.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application which fails to properly handle an issue in Tomcat. Successful exploitation could allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the Add Field module.

The host is installed with Atlassian Jira Server before 8.5.5 or 8.6.0 before 8.7.2 and is prone to a DLL hijacking vulnerability. A flaw is present in the application which fails to properly handle an issue in Tomcat. Successful exploitation could allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat.

The host is installed with Atlassian Jira Server before 7.13.17, 7.14.0 before 8.5.8 or 8.6.0 before 8.12.0 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle an issue in the /browse.PROJECTKEY endpoint. Successful exploitation could allow remote attackers to enumerate project keys.

The host is installed with Atlassian Jira Server before 8.5.8 or 8.6.0 before 8.11.1 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle an issue in the /secure/QueryComponent!Default.jspa endpoint. Successful exploitation could allow unauthenticated attackers to view custom field names and custom SLA names.


© SecPod Technologies