Solarwinds LEM Management Shell Arbitrary File Read
Vulnerability Details: Affected Vendor: Solarwinds; Affected Product: Log and Event Manager Virtual Appliance; Affected Version: v6.3.1; Platform: Embedded Linux; CWE Classification: CWE-36: Absolute Path Traversal; Impact: Information Disclosure; Attack vector: SSH. 2. Vulnerability Description The...
Roundcube 1.2.2 command execution via email: vulnerability analysis - vulnerability warning - the black bar safety net
Foreword: Roundcube is open source web-based email software that is widely deployed; many organizations and companies around the world use it. According to the SourceForge mirror, it has had 26 million downloads in the past 1 year, and this is still only a small part of its actual users. As...
ABB Panel Builder 800 DLL Handling Vulnerability
ABB Panel Builder 800 is a Web-based HMI (Human Machine Interface) system. ABB Panel Builder fails to properly handle DLL files, allowing an attacker to inject and execute arbitrary code using a DLL with an unspecified absolute path...
CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling...
Path traversal
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling...
UBUNTU-CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling...
CVE-2015-8794
Roundcube Webmail contains an absolute path traversal vulnerability in program/steps/addressbook/photo.inc, affecting Roundcube before 1.0.6 and 1.1.x before 1.1.2. A remote authenticated user can read arbitrary files by supplying a full pathname in the _alt parameter during contact photo handlin...
FreeBSD : libarchive -- multiple vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5)
MITRE reports: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper...
CVE-2015-4703
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter...
CVE-2015-4703
CVE-2015-4703 describes an absolute path traversal in the WordPress Rename plugin (version 1.0) for WordPress. The vulnerability resides in mysqldump_download.php, where an attacker can read arbitrary files by supplying a full pathname in the dumpfname parameter. This affects the plugin as instal...
CVE-2015-2875
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi...
CVE-2015-2875
CVE-2015-2875 describes an absolute path traversal in Seagate/LaCie wireless storage firmware prior to 3.4.1.105. A remote attacker with wireless access could read arbitrary files by supplying a full pathname in a download request during a Wi‑Fi session. Affected devices include: Seagate GoFlex S...
CVE-2015-7250
Affected devices: ZTE ZXHN H108N R1A and ZXV10 W300 routers. Vulnerability: CVE-2015-7250 — absolute path traversal in the webproc CGI module (cgi-bin/webproc) allows remote attackers to read arbitrary files via an unvalidated full pathname supplied to the getpage parameter. Root cause: unrestric...
FCKeditor /spellchecker.php page absolute path disclosure
No description provided by source...
CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
Details: Software: Font; Version: 7.5; Homepage: https://wordpress.org/plugins/font/; CVE: CVE-2015-7683 Pending CVSS: 6.3 Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N; CWE: CWE-22. Description: An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read...
Updated fuseiso packages fix security vulnerabilities
An integer overflow, leading to a heap-based buffer overflow flaw was found in the way FuseISO, a FUSE module to mount ISO filesystem images, performed reading of certain ZF blocks of particular inodes. A remote attacker could provide a specially-crafted ISO file that, when mounted via the fuseis...
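Siemens Automation License Manager 'almaxcx.dll' Absolute Path Traversal Vulnerability
An absolute path traversal vulnerability exists in the almaxcx.dll ALMListView.ALMListCtrl ActiveX control in the graphical user interface of Siemens Automation License Manager (ALM) versions 2.0 through 5.1+SP1+Upd2. Remote attackers can exploit this vulnerability to overwrite arbitrary files via the Save method...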
VulnCheck KEV: CVE-2015-5065
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...
WordPress Font Plugin <= 7.5.0 - Absolute Path Traversal
This vulnerability allows administrators to read arbitrary files via a full pathname in the "URL" parameter to AjaxProxy.php. Solution: Update the plugin...
Debian DLA-323-1 : fuseiso security update
The following two issues have recently been fixed in Debian LTS squeeze for the fuseiso package. Issue 1: An integer overflow, leading to a heap-based buffer overflow flaw was found in the way FuseISO, a FUSE module to mount ISO filesystem images, performed reading of certain ZF blocks of particul...