Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation
Via Insecure RPATH in HP Array Configuration Utility, HP Array
Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear
Gauge Utility Running on Linux
CVE: CVE-2013-6216
Vendor: HP
Product: HP Array Configuration Uti
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation
Via Insecure RPATH in BMC Patrol for AIX
CVE: CVE-2014-2591
Vendor: BMC
Product: Patrol for AIX
Affected version: 3.9.00
Fixed version: N/A
Reported by: Tim Brown
Details:
It has been identified that binaries that are executed
Document Title:
===
PDF Album v1.7 iOS - File Include Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1255
Release Date:
=
2014-04-11
Vulnerability Laboratory ID (VL-ID):
==
In the last few days I see more and more scans for a new PHP URL
"/phpTest/zologize/axa.php" I have never seen before on the server.
I think this can be a preparation for a new attack. Is there anything
known about this URL and possible defects?
Information: No header is sent with the request and
Seems to be a shopping cart software. A quick dork for that URI yields a
lot of results that seem to be susceptible to various well-known attack
vectors via a couple of quick (& harmless) manual checks.
- Mike
On Mon, Apr 14, 2014 at 5:29 PM, Thomas Lußnig wrote:
> In the last few days I see m