1646 matches found
CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
DEBIAN-CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
UBUNTU-CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
PT-2018-18074 · Dan Bloomberg +1 · Leptonica +1
Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4. Description: The issue allows local users to potentially overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, due to the use of hardcoded /tmp...
CVE-2018-7442
CVE-2018-7442 affects Leptonica up to 1.75.3 where gplotMakeOutput does not block '/' in the gplot rootname, enabling path traversal and arbitrary file overwrite. The vulnerability is reachable remotely (CVSS says NETWORK) with no authentication required and no user interaction. Impact per source...
CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
PT-2018-18075 · Dan Bloomberg +1 · Leptonica +1
Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4. Description: An issue was discovered where the gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
Design/Logic Flaw
This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw...
CVE-2018-0122
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient...
USN-3555-1 w3m vulnerabilities
It was discovered that w3m incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6196, CVE-2018-6197) It was discovered that w3m incorrectly handled temporary files. An attacker could possibly use this to overwrite arbitrary files...
w3m Arbitrary File Overwrite Vulnerability
w3m is an open source text-based Web browser. A security vulnerability exists in w3m 0.5.3 and earlier versions, which stems from the program failing to properly handle temporary files. A local attacker can exploit this vulnerability by performing a symbolic link attack to overwrite arbitrary...
CVE-2018-6198
w3m through 0.5.3 does not properly handle temporary files when the /.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files...
CVE-2017-16598
This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...
CVE-2017-16601
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
Syncthing Symbolic Link Traversal Vulnerability
Syncthing is an open source continuous file synchronization program. A security vulnerability exists in Syncthing 0.14.33 and earlier versions. An attacker can exploit the vulnerability to overwrite arbitrary files...
Design/Logic Flaw
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...
CVE-2017-1000420
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...
UBUNTU-CVE-2017-1000420
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...
CVE-2017-1000420
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...