5146 matches found
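Red Hat Automatic Bug Reporting Tool Arbitrary File Write Vulnerability
The problem is in abrt-action-install-debuginfo-to-abrt-cache. By default, it creates a temporary file at /var/tmp/abrt-tmp-debuginfo-RANDOMSUFFIX, downloads the rpm files into this folder, and then unpacks them. Because this is a temporary folder, the unpack path is not this one but /var/cache/abrt-di. However, because that folder is not created with a random name and is highly predictable, we can create it in advance, and by controlling the unpacked.cpio file we can trick abrt-action-install-debuginfo into extracting a cpio file that we control...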
Red Hat Automatic Bug Reporting Tool Arbitrary File Write Vulnerability
Red Hat Automatic Bug Reporting Tool (ABRT) is a set of automated bug detection and reporting tools from Red Hat. A security vulnerability exists in the abrt-action-install-debuginfo-to-abrt-cache helper program in Red Hat ABRT versions prior to 2.7.1. A local attacker can exploit the...
Janitza UMG Arbitrary File Read/Write Vulnerability
The Janitza UMG is an online power quality monitor for the energy industry from Janitza (Germany). An arbitrary file read/write vulnerability exists in Janitza UMG 508, 509, 511, 604, and 605. This allows remote attackers to read or write files, or execute arbitrary JASIC code via a session with TCP por...
CVE-2015-6984
CVE-2015-6984 affects Apple OS X before 10.11.1 via libarchive. A crafted app can trigger a symlink attack to write to arbitrary files due to path/symlink handling in libarchive. Impact: arbitrary file writes. Mitigation: update to OS X 10.11.1 / Security Update 2015-007.
MoboTap Dolphin Browser for Android Arbitrary File Write Vulnerability
MoboTap Dolphin Browser for Android is a web browser for the Android platform. It suffers from an arbitrary file write vulnerability: remote attackers can construct a malicious web page that, when parsed, is written to arbitrary files...
Mozilla Firefox and Firefox ESR updater.exe Privilege Bypass Vulnerability
Mozilla Firefox is an open source web browser. A security vulnerability exists in the Mozilla Firefox updater.exe file that allows local attackers to perform a symbolic link attack to write arbitrary files at program startup...
libvdpau Arbitrary File Write Vulnerability
libvdpau is an open source library implementing VDPAU (Video Decode and Presentation API for Unix), a video decoding and presentation API for Unix-like systems. An arbitrary file write vulnerability exists in versions of libvdpau prior to 1.1.1, which allows local users to write arbitrary files vi...
Cisco Unified Computing System Director Arbitrary File Write Vulnerability
The Cisco Unified Computing System simplifies IT management and improves agility by integrating unified computing, networking, storage access and virtualization into a single system. A security vulnerability in the Cisco Unified Computing System Director JSP file allows remote attackers to exploi...
Symantec Endpoint Protection Manager authentication bypass
Added: 08/26/2015. CVE: CVE-2015-1486. BID: 76074. Background: Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM). Problem: Symantec Endpoint...
Mac OS X : Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write
The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0. It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue, b...
Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write
The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0. It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue by...
Apple OS X DYLD_PRINT_TO_FILE Environment Variable Checksum Local ROOT Privilege Gain Vulnerability
Apple Mac OS X is an operating system developed by Apple Inc. Apple Mac OS X fails to properly validate the DYLD_PRINT_TO_FILE environment variable, allowing local attackers to write arbitrary files with root privileges and elevate their privileges...
Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4013.0 / 4.1.x < 4.1.4011.0 IPC File Write Vulnerability
The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4013.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to write files. A local...
Symantec Endpoint Protection Manager Arbitrary File Write Vulnerability
Symantec Endpoint Protection Manager (SEPM) is a suite of enterprise-grade virus protection software from Symantec (USA). The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the management console of previous...
Symantec Endpoint Protection Multiple Issues
Summary: The management console for Symantec Endpoint Protection Manager (SEPM) is susceptible to multiple vulnerabilities including SQL Injection, authentication bypass, possible path traversal and the potential for arbitrary file read/write. SEP clients are susceptible to a binary planting...
WordPress Child Theme Creator Plugin <= 1.2.6 - Arbitrary File Write
Because of this vulnerability, remote authenticated users can write arbitrary content to existing files in the theme directory. Solution: Update this plugin...
Child Theme Creator by Orbisius <= 1.2.6 - Arbitrary File Write
The Child Theme Creator by Orbisius WordPress plugin was affected by an Arbitrary File Write security vulnerability...
CVE-2015-1942
The CVE-2015-1942 entry concerns IBM Tivoli Storage Manager FastBack Server. Multiple sources (IBM Security Bulletin, NVD/NIST, and Nessus/OpenVAS listings) confirm that FastBack Server versions up to 6.1.11.1 are affected when handling crafted TCP traffic. The root issue is a remote code executi...