Ubuntu Update for fastjar vulnerability USN-953-1
Ubuntu Update for Linux kernel vulnerabilities USN-953-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9531.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for fastjar vulnerability USN-953-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Novell ZENworks Configuration Management Code Execution
Exploit Title: ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability Date: 2009-04-26 Author: tucanalamigo http://tucanalamigo.blogspot.com Software Link: http://www.novell.com/products/zenworks/configurationmanagement/ Version: 10.2 Tested on:...
CVE-2010-0156
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file...
tomcat: unexpected file deletion and/or alteration
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry...
SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite (CVE-2007-4475)
The SAP GUI is the GUI client in SAP's 3-tier architecture of database, application server and client. A vulnerability was reported in the SAP GUI. The vulnerability is caused due to a boundary error in the bundled EAI WebViewer3D ActiveX control (webviewer3d.dll) when processing arguments passed t...
GLSA-200911-01 : Horde: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200911-01 (Horde: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Horde: Stefan Esser of Sektion1 reported an error within the form library when handling image form fields (CVE-2009-3236). Martin Geisler and...
Horde: Multiple vulnerabilities
Background: Horde is a web application framework written in PHP. Description: Multiple vulnerabilities have been discovered in Horde: Stefan Esser of Sektion1 reported an error within the form library when handling image form fields (CVE-2009-3236). Martin Geisler and David Wharton reported that an...
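EMC Captiva ISIS PixTools PDIControl.PDI.1 Control Arbitrary File Overwrite Vulnerability
BUGTRAQ ID: 36566 EMC Captiva ISIS PixTools is a software development kit that includes scanning, viewing, and image-processing modules. The PDIControl.PDI.1 ActiveX control (PDIControl.dll) provided by Captiva ISIS PixTools does not properly validate the parameters passed to the SetLogFileName and WriteToLog methods. If a user is tricked into visiting a malicious web page that passes specially crafted parameters to these methods, arbitrary files can be created or overwritten on the user's system. EMC Captiva ISIS PixTools 2.2 Workaround: For clsid...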
EnjoySAP Arbitrary File Overwrite
Digital Security Research Group DSecRG Advisory DSECRG-09-044 Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: http://SAP.com Bugs: insecure method, File overwriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Da...
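Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
Bugtraq ID: 36469 CVE ID: CVE-2009-2939 Postfix is an open-source mail transfer agent that runs on various types of UNIX systems. The Postfix packaged by Debian and Ubuntu creates temporary files insecurely; a local attacker can exploit the vulnerability to overwrite arbitrary files with the application's privileges. Wietse Venema discovered that Debian and Ubuntu set the permissions of /var/spool/postfix/pid to postfix:root 0755, which allows the postfix user to manipulate pid files and overwrite arbitrary files via a symlink attack. Wietse Venema Postfix 2.5.5 Ubuntu Ubuntu Linux...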
SuSE9 Security Update : id3lib (YOU Patch Number 11786)
This update fixes a bug that allows local attackers to overwrite arbitrary files. CVE-2007-4460 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41150;...
Installshield 2009 15.0.0.53 Premier - 'ISWiAutomation15.dll' ActiveX Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/43857/info InstallShield 2009 Premier ActiveX control is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application (typically Internet Explorer) using th...
IBM AIX 5.6/6.1 _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...
GLSA-200909-17 : ZNC: Directory traversal
The remote host is affected by the vulnerability described in GLSA-200909-17 ZNC: Directory traversal The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact : A remote, authenticated user could send a specially crafted DCC SEND request to overwrite...
IBM AIX 5.6/6.1 _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
Exploit for aix platform in category local exploits ===================================================================== IBM AIX 5.6/6.1 LIBINITDBG Arbitrary File Overwrite via Libc Debug ===================================================================== !/bin/sh $Id: raptorlibC,v 1.1...
IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division...
IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug
!/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/ http://lab.mediaservice.net/ DON'T RUN THIS UNLESS YOU KNOW...
Total Commander FTP Client Traversal Arbitrary File Overwrite
The version of Total Commander installed on the remote host fails to sanitize filenames of directory traversal sequences when downloading files via FTP. If an attacker can trick a user on the affected system into visiting a malicious FTP server, he can leverage this issue to write to arbitrary...
VulnCheck KEV: CVE-2008-7168
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control UUUpgrade.ocx 3.0.2.12 allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009...
Directory traversal
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...