Lucene search
5146 matches found

CVE
added 2018/02/22 7:0 p.m. · 48 views

CVE-2018-7300

CVE-2018-7300 affects eQ-3 AG Homematic CCU2 (version 2.29.2 and earlier). The issue is a Directory Traversal/Arbitrary File Write vulnerability in the User.setLanguage method that permits remote attackers with access to the device’s web interface to write arbitrary files to the filesystem, poten...

10 CVSS · 9.7 AI score · 0.31752 EPSS
Exploits 2 · References 2 · Affected Software 1
Packet Storm
added 2018/02/06 12:0 a.m. · 60 views

WINCVS 2009R2 DLL Hijacking

Credits: John Page aka hyp3rlinx | Website: hyp3rlinx.altervista.org | Source: http://hyp3rlinx.altervista.org/advisories/CVS-SUITE-2009R2-INSECURE-LIBRARY-LOADING-CVE-2018-6461.txt | ISR: Apparition Security | Vendor: march-hare.com | Product: WINCVS 2009R2 CVS Suite is a...

7.6 AI score · 0.0181 EPSS
Exploits 3
Prion
added 2018/02/05 4:29 a.m. · 9 views

Code injection

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller...

4 CVSS · 5.2 AI score · 0.00701 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2018/02/05 4:29 a.m. · 2 views

CVE-2018-5795

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller...

4.9 CVSS · 5.8 AI score · 0.00701 EPSS
Exploits 0 · References 1
NVD
added 2018/02/05 4:29 a.m. · 12 views

CVE-2018-5795

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller...

4.9 CVSS · 5.2 AI score · 0.00701 EPSS
Exploits 0 · References 1
Cvelist
added 2018/02/05 4:0 a.m. · 16 views

CVE-2018-5795

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller...

5.2 AI score · 0.00701 EPSS
Exploits 0 · References 1
CNVD
added 2018/02/05 12:0 a.m. · 1 views

Extreme Networks ExtremeWireless WiNG Arbitrary File Write Vulnerability

Extreme Networks ExtremeWireless WiNG is a wireless access solution from Extreme Networks. WiNG Access Point AP is one of the wireless access points. Controller is the wireless controller. Web User Interface is one of the web management interfaces. The WiNG Access Point AP is a wireless access point...

4.9 CVSS · 6.9 AI score · 0.00701 EPSS
Exploits 0 · References 1
CNVD
added 2018/02/01 12:0 a.m. · 1 views

Haystack Arq for Mac Elevation of Privilege Vulnerability

Haystack Arq for Mac is file backup software for the Mac from Haystack Software, USA. arqupdater is one of its components. A security vulnerability exists in the standardrestorer binary in Haystack Arq 5.10 and earlier versions for Mac. A local attacker can...

7.8 CVSS · 6.9 AI score · 0.01009 EPSS
Exploits 3 · References 1
OSV
added 2018/01/31 8:29 p.m. · 1 views

CVE-2017-16928

The arqupdater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip...

7.8 CVSS · 5.9 AI score · 0.01009 EPSS
Exploits 3 · References 3
OSV
added 2018/01/31 8:29 p.m. · 3 views

CVE-2017-16945

The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path...

7.8 CVSS · 5.9 AI score · 0.01009 EPSS
Exploits 3 · References 3
ATTACKERKB
added 2018/01/23 1:29 a.m. · 2 views

CVE-2017-16601

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

6.5 CVSS · 6 AI score · 0.02307 EPSS
Exploits 0 · References 2
OSV
added 2018/01/16 7:29 p.m. · 3 views

UBUNTU-CVE-2014-9485

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...

5.5 CVSS · 6.2 AI score · 0.04164 EPSS
Exploits 0 · References 2
Positive Technologies
added 2018/01/16 12:0 a.m. · 2 views

PT-2018-4304 · Minizip · Minigzip

Name of the Vulnerable Software and Affected Versions: minizip versions prior to 1.1-5. Description: The issue is related to a directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip. This vulnerability might allow remote attackers to write to arbitrary...

5.5 CVSS · 5.4 AI score · 0.04164 EPSS
Exploits 0 · References 16
CNVD
added 2018/01/16 12:0 a.m. · 3 views

TransmissionRPC DNS Rebinding Vulnerability

Transmission is a free BitTorrent BT client developed by the Transmission project team for use on the Linux and Mac OS X platforms, which supports data encryption, corruption repair and seeding. A security vulnerability exists in Transmission 2.92 and earlier versions. A remote attacker can execu...

8.8 CVSS · 7.6 AI score · 0.12146 EPSS
Exploits 1 · References 1
OSV
added 2018/01/15 4:29 p.m. · 2 views

DEBIAN-CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8 CVSS · 8.9 AI score · 0.12146 EPSS
Exploits 1 · References 1
OSV
added 2018/01/15 12:0 a.m. · 1 views

UBUNTU-CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8 CVSS · 7.4 AI score · 0.12146 EPSS
Exploits 1 · References 7
OpenVAS
added 2018/01/15 12:0 a.m. · 28 views

Debian: Security Advisory (DLA-1243-1)

The remote host is missing an update for the Debian...

5.5 CVSS · 5.5 AI score · 0.02474 EPSS
Exploits 0 · References 3
OSV
added 2018/01/08 7:29 p.m. · 0 views

UBUNTU-CVE-2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...

5.5 CVSS · 6.5 AI score · 0.00447 EPSS
Exploits 0 · References 2
OSV
added 2018/01/08 7:29 p.m. · 8 views

CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file...

5.5 CVSS · 5.3 AI score
Exploits 0 · References 10
CNVD
added 2018/01/04 12:0 a.m. · 2 views

POCO 'ZipCommon::isValidPath()' function absolute path traversal vulnerability

POCO C++ Libraries is a set of C++ class libraries developed by Austrian software developer Gunter Obiltschnig, which are used to develop portable web-based applications with threading, file and streaming capabilities. A security vulnerability in the 'ZipCommon::isValidPath' function in the...

6.5 CVSS · 8.7 AI score · 0.01681 EPSS
Exploits 1 · References 1