StudioLine Photo Basic NMSDVDXU.dll ActiveX EnableLog() Arbitrary File Overwrite

The remote host has a version of StudioLine Photo Basic less than or equal to 3.70.34.0 installed. Such versions are affected by an arbitrary file overwrite vulnerability in the EnableLog method on the NMSDVDXU.dll ActiveX control. By tricking a victim into opening a specially crafted web page, a...

Metasploit pcap_log Privlege Escalation

================ 0A29-12-2 : Metasploit 'pcaplog' plugin privilege escalation vulnerability Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Metasploit plugin 'pcaplog' is vulnerable to an arbitrary file...

Metasploit pcap_log Privlege Escalation

Exploit for windows platform in category local exploits ================ 0A29-12-2 : Metasploit 'pcaplog' plugin privilege escalation vulnerability Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Metasploi...

Arbitary file overwrite symlink in libodm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Thu Jun 20 13:00:02 CDT 2012 Updated: Mon Oct 29 11:43:29 CDT 2012 Update: IFIX and CSUM for 6100-07-04 Update: New ifixes for the latest SP's Updated: Thu May 23 11:04:10 CDT 2014 Update: New APAR/Interim Fixes...

Ecava IntegraXor igcom.dll Traversal Arbitrary File Overwrite

Binary data scadaintegraxor3714200.nbin...

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

php: file path injection vulnerability in RFC1867 file upload filename

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

Apache Struts remote command execution and arbitrary file overwrite vulnerabilities-vulnerability warning-the black bar safety net

Release Date: 2 0 1 2 year 0 1 month 0 8 day Affected Software and systems Apache Struts 2.3.1 and following versions Vulnerability description Apache Struts is a development of Java Web application open source Web application framework. Apache Struts in the realization of the presence of the...

SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2

SEC Consult Vulnerability Lab Security Advisory 20120104-0 ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerable version: 2.3.1 and below fixed...

Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerable version: 2.3.1 and below fixed version: 2.3.1....

Apache Struts 2 2.3.1 - Multiple Vulnerabilities

Apache Struts 2 2.3.1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerab...

SuSE 11.1 Security Update : radvd (SAT Patch Number 5397)

This update of radvd fixes the following security flaws : - arbitrary file overwrite flaw through unsanitized interface names CVE-2011-3602, - missing return value checks in privsepinit which could cause radvd to keep running with root privileges CVE-2011-3603, - buffer overread flaws in the...

Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Arbitrary File Overwrite

Added: 11/07/2011 BID: 50332 OSVDB: 76539 Background Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring specialized computer-aid...

php: file path injection vulnerability in RFC1867 file upload filename

The rfc1867posthandler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request...

Debian DSA-2323-1 : radvd - several vulnerabilities

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon : - CVE-2011-3602 setinterfacevar function doesn't check the interface name, which is chosen by an unprivileged user. This could lead to an arbitrary file overwrite if the attacker has local...

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...

HP Easy Printer Care Software HPTicketMgr.dll Directory Traversal (CVE-2011-2404)

A code execution vulnerability has been reported in HP Easy Printer Care Software. The vulnerability is due to insufficient input validation by an ActiveX control within the affected product. A remote attacker may exploit this vulnerability by enticing an affected user to open a malicious link...

Fedora 16 : ecryptfs-utils-90-1.fc16 (2011-10671)

privilege escalation via mountpoint race conditions CVE-2011-1831, CVE-2011-1832 - race condition when checking source during mount CVE-2011-1833 - mtab corruption via improper handling CVE-2011-1834 - key poisoning via insecure temp directory handling CVE-2011-1835 - information disclosure via...

Fedora 14 : ecryptfs-utils-90-1.fc14 (2011-10718)

privilege escalation via mountpoint race conditions CVE-2011-1831, CVE-2011-1832 - race condition when checking source during mount CVE-2011-1833 - mtab corruption via improper handling CVE-2011-1834 - key poisoning via insecure temp directory handling CVE-2011-1835 - information disclosure via...

Fedora 15 : ecryptfs-utils-90-1.fc15 (2011-10733)

privilege escalation via mountpoint race conditions CVE-2011-1831, CVE-2011-1832 - race condition when checking source during mount CVE-2011-1833 - mtab corruption via improper handling CVE-2011-1834 - key poisoning via insecure temp directory handling CVE-2011-1835 - information disclosure via...