1646 matches found
Scientific Linux Security Update : abrt on SL6.x i386/x86_64 (20150707)
It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on the system. (CVE-2015-3315) It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to...
Apple Mac OS X kextd Symbolic Link Arbitrary File Overwrite Vulnerability
Apple Mac OS X is a commercial operating system. Apple Mac OS X kextd suffers from a symbolic link vulnerability that allows attackers to run malicious applications and overwrite arbitrary files...
Tanium Arbitrary File Overwrite Vulnerability
Tanium is an endpoint protection and management platform. An arbitrary file overwrite vulnerability exists in Tanium, which allows attackers to exploit the vulnerability to corrupt system files and conduct denial-of-service attacks...
OpenJDK: jar directory traversal issues (Tools, 8064601)
A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...
abrt: does not validate contents of uploaded problem reports
It was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other...
jar: directory traversal vulnerability
A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...
VideoLAN libbluray Directory Traversal Vulnerability
VideoLAN VLC media player is the multimedia player of the VideoLAN project. A directory traversal vulnerability exists in VideoLAN libbluray because the program fails to adequately filter user-supplied input. A remote attacker could use a directory traversal sequence of specially crafted requests '...
kgb directory traversal vulnerability
KGB is a free compression tool with high compression ratio. A directory traversal vulnerability exists in kgb, which can be exploited by a remote attacker to overwrite arbitrary files under the application using a specially crafted request with a directory traversal sequence '... /' to overwrite...
Jenkins < 1.583 / 1.565.3 and Jenkins Enterprise 1.532.x / 1.554.x / 1.565.x < 1.532.10.1 / 1.554.10.1 / 1.565.3.1 Multiple Vulnerabilities
The remote web server hosts a version of Jenkins open source or CloudBees Jenkins Enterprise that is affected by multiple vulnerabilities: - An error exists related to file upload processing that allows a remote attacker to overwrite arbitrary files. (CVE-2013-2186) - An input validation error...
USN-2393-1 wget vulnerability
HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution...
MGASA-2014-0367 Updated php packages fix multiple security vulnerabilities
Updated php packages fix security vulnerabilities: Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a craft...
AIX 6.1 TL 7 : bos.rte.odm (U865807)
The remote host is missing AIX PTF U865807, which is related to the security of the package bos.rte.odm. AIX could allow an arbitrary file overwrite symlink vulnerability due to a libodm.a bug.
AIX 7.1 TL 2 : bos.rte.odm (U865302)
The remote host is missing AIX PTF U865302, which is related to the security of the package bos.rte.odm. AIX could allow an arbitrary file overwrite symlink vulnerability due to a libodm.a bug.
ARCservIT 6.61/6.63 Client inetd.tmp Arbitrary File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2748/info ARCservIT from Computer Associates contains a vulnerability which may allow malicious local users to corrupt arbitrary files. When it runs with the parameters 'inet add', 'asagent', opens and overwrites it if it...
PHP PEAR <= 1.5.3 INSTALL-AS Attribute Arbitrary File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24111/info PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files. An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribute to create and overwrite fil...
Pegasus Imaging ImagXpress 8.0 - Remote Arbitrary File Overwrite
No description provided by source. Pegasus Imaging ImagXpress 8.0 Remote Arbitrary File Overwrite url:...
HP-UX 10.20/11.0 man /tmp symlink Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1302/info The programmers of the 'man' command on various HPUX releases have made several fatal mistakes that allow an attacker to trivially set a trap that could result in any arbitrary file being overwritten on the syst...
Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20120104-0 title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerable...