Ubuntu: Security Advisory (USN-2753-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2753-2 lxc regression

USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had an absolute path specified as a bind mount target in their configuration file. This update fixes the problem. We apologize for th...

Gentoo Security Advisory GLSA 201411-05

Gentoo Linux Local Security Checks GLSA 201411-05 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Absolute Path Traversal Vulnerability

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are both products of General Electric Company GE, U.S.A. GE Digital Energy MDS PulseNET is a suite of software applications for monitoring and controlling industrial communication network devices. Enterprise is an enterprise version of MD...

CVE-2015-6459

CVE-2015-6459 covers an absolute path traversal in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise FileDownloadServlet prior to version 3.1.5. The vulnerability arises from insufficient validation in the download function, allowing remote attackers to read or delete arbitrary files via...

Path traversal

Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter...

CVE-2015-5472

CVE-2015-5472 affects the WordPress IBS Mappro plugin (prior to version 1.0). A flaw in lib/download.php allows an attacker to perform absolute path traversal by supplying a full pathname in the file parameter, enabling reading of arbitrary files on the server. The vulnerability is confirmed acro...

SiteFactory CMS Absolute Path Traversal Vulnerability

Mindbite SiteFactory CMS is a content management system CMS developed by Mindbite Switzerland. An absolute path traversal vulnerability exists in Mindbite SiteFactory CMS version 5.5.9, which can be exploited by remote attackers to read arbitrary files...

CVE-2015-6914

CVE-2015-6914 affects Mindbite SiteFactory CMS 5.5.9. The vulnerability is an absolute path traversal in the assets/download.aspx endpoint, where a full pathname supplied in the file parameter allows remote attackers to read arbitrary files on the server. The entry cites a CVSSv2 base score of 7....

Amazon Linux: Security Advisory (ALAS-2014-442)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Swim Team Plugin <= 1.44.10777 - Absolute Path Traversal

This vulnerability is in include/user/download.php. It allows an attacker to read arbitrary files via a full pathname in the "file" parameter. Solution Update the plugin...

WordPress IBS Mappro Plugin <= 0.9 - Absolute Path Traversal

This vulnerability is in lib/download.php. It allows an attacker to read arbitrary files via a full pathname in the "file" parameter. Solution Update the plugin...

Path traversal

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...

CVE-2014-1836

ImpressCMS 1.3.5 and earlier contain an absolute path traversal in htdocs/libraries/image-editor/image-edit.php via the image_path parameter in a cancel action, enabling remote attackers to delete arbitrary files. This is associated with CVE-2014-1836 and is documented in multiple advisories (GHS...

WordPress Plugin Paypal Currency Converter Basic For WooCommerce Absolute Path Traversal Vulnerability

WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blog sites on PHP and MySQL servers.Paypal Currency Converter Basic For WooCommerce is one of the plugins that supports using Paypal payments in the WooCommerc...

CVE-2015-5065

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

Path traversal

Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...

CVE-2015-5065

CVE-2015-5065 describes an absolute path traversal vulnerability in the WordPress plugin “Paypal Currency Converter Basic For WooCommerce” (WooCommerce integration). In proxy.php, the google currency lookup exposes a flaw that allows remote attackers to read arbitrary files by supplying a full pa...

WordPress WooCommerce Plugin <= 1.3 - Absolute Path Traversal

This vulnerability is in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin. It allows an attacker to read arbitrary files in the "requrl" parameter via a full pathname. Solution Update the plugin...

Create 'my.txt' Working Directory 37 Bytes

Create 'my.txt' Working Directory 37 Bytes. Shellcode exploit for linx86 platform / Title: Create 'my.txt' in present working directory of vulnerable software Length: 37 bytes Date: 3 April 2015 Author: Mohammad Reza Ramezani mr.ramezani.edu at gmail com - g+ Tested On: kali-linux-1.0.6-i386...