MIT Kerberos5 <= 1.16 Multiple Vulnerabilities
MIT Kerberos5 is prone to a Denial of Service (DoS) and an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Code injection
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets-Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension...
[SECURITY] Fedora 26 Update: calamares-3.1.8-1.fc26
Calamares is a distribution-independent installer framework, designed to install from a live CD/DVD/USB environment to a hard disk. It includes a graphical installation program based on Qt 5. This package includes the Calamares framework and the required configuration files to produce a working...
CVE-2017-16566
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication such as passwd and shadow. This can be abused to take full root level control of the device...
Unspecified vulnerability in MediaWiki language converter
MediaWiki is a free web-based wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy internal knowledge management and content management systems. Language converter is one of the language converters. A security vulnerabilit...
D-Link 850L Firmware B1 Admin Password Disclosure Vulnerability - Active Check
D-Link 850L Firmware B1 is vulnerable to an admin password disclosure vulnerability...
Lessons from the Equifax Breach
When we see a car wreck it’s very easy to slow down and gawk. The first thing we think is “Wow, that’s awful,” quickly followed by “Whew… glad that wasn’t me,” and then we drive on. Most of us don’t spend time thinking about how the wreck happened -- we were just glad it wasn’t us. A similar...
SpiderControl SCADA Web Server Elevation of Privilege Vulnerability
SCADA Web Server is a software management platform. An elevation of privilege vulnerability exists in SpiderControl SCADA Web Server. An authenticated, non-administrative local user could change the service executable with elevated privileges, allowing an attacker to execute arbitrary code in the...
RubyGems < 2.6.13 - Arbitrary File Overwrite
There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...
RubyGems < 2.6.13 - Arbitrary File Overwrite Exploit
Exploit for the Linux platform in the local exploits category. There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file...
Concrete CMS: SSRF thru File Replace
Hello Team, Version: 8.2.0 Details: I have found a possibility of Server Side Request Forgery via file 'Replace' functionality. An attacker / malicious user is able to scan local network and able to enumerate open TCP ports. The root cause of this vulnerability: - you are allowing to use...
CVE-2017-2491
Use-after-free vulnerability in the String.replace method in JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file...
RubyGems: Installing a crafted gem package may create or overwrite files
There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...
MS15-101: Description of the security update for the .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2: September 8, 2015
CVE-2017-7884
In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM...
Foscam camera directory permission misassignment vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera suffers from a directory permission misassignment vulnerability, due to which any local user can replace an archive to gain root privileges. The software...
Riverbed SteelHead Arbitrary File Read Vulnerability
Riverbed SteelHead VCX is prone to an authenticated arbitrary file read vulnerability...
Avast Antivirus Arbitrary File Deletion Vulnerability
Avast Antivirus is a suite of antivirus software from the Czech company Avast. An arbitrary file deletion vulnerability exists in versions prior to Avast Antivirus 17. An attacker can exploit this vulnerability to replace or delete arbitrary files...
MediaWiki cross-site scripting vulnerability (CNVD-2017-06566)
MediaWiki is a free web-based wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in the...
Insecure /Tmp File Handling
Salt handles /tmp files through salt/modules/chef.py insecurely. This may allow attackers to replace the file with a malicious file...