5146 matches found

CNVD
added 2015/01/29 12:0 a.m. | 4 views

WordPress plugin Pixabay Images arbitrary file write vulnerability (CNVD-2015-00815)

The Pixabay Images plugin supports inserting selected CC0 public domain photos from Pixabay, an image material sharing network, anywhere in the blog. An arbitrary file write vulnerability exists in versions of the WordPress plugin Pixabay Images prior to 2.4, which allows...

CVSS 7.5 | AI score 7 | EPSS 0.1225
Exploits: 1 | References: 1

CNVD
added 2015/01/28 12:0 a.m. | 2 views

WordPress Plugin Pixabay Images Directory Traversal Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on PHP and MySQL servers. Pixabay Images is a plugin that supports selecting photos from the Pixabay image material sharing network in the CC0...

CVSS 5 | AI score 6.9 | EPSS 0.1342
Exploits: 1 | References: 1

OSV
added 2015/01/28 12:0 a.m. | 2 views

UBUNTU-CVE-2015-1396

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196...

CVSS 7.5 | AI score 7.2 | EPSS 0.03223
Exploits: 0 | References: 3

VMware
added 2015/01/27 12:0 a.m. | 49 views

VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues

a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability. VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation of this issue may allow for privilege escalation on the host. The vulnerability does not allow for privilege...

CVSS 7.1 | AI score 6.2 | EPSS 0.99999
Exploits: 6 | References: 7 | Affected Software: 5

VMware
added 2015/01/25 12:0 a.m. | 511 views

VMSA-2015-0001: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues

VMSA-2015-0001.2: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues. VMware Security Advisory. Advisory ID: VMSA-2015-0001.2. Synopsis: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates...

CVSS 7.1 | AI score 5.7 | EPSS 0.99999
Exploits: 6 | References: 3 | Affected Software: 5

OSV
added 2015/01/21 6:59 p.m. | 1 views

DEBIAN-CVE-2015-1196

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file...

CVSS 4.3 | AI score 6.2 | EPSS 0.06096
Exploits: 1 | References: 1

OSV
added 2015/01/21 6:59 p.m. | 1 views

DEBIAN-CVE-2015-1191

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive...

CVSS 5 | AI score 7.3 | EPSS 0.03029
Exploits: 1 | References: 1

OSV
added 2015/01/21 6:59 p.m. | 5 views

UBUNTU-CVE-2015-1194

pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive...

CVSS 4.3 | AI score 5.9 | EPSS 0.01695
Exploits: 1 | References: 2

CVE
added 2015/01/21 6:0 p.m. | 59 views

CVE-2015-1191

CVE-2015-1191 affects pigz 2.3.1, where a flaw in pigz.c enables directory traversal via crafted archives (either a full pathname or .. in the archive). This could allow remote attackers to write to arbitrary files or view arbitrary files on the system, as described in multiple advisories and ven...

CVSS 5 | AI score 6.8 | EPSS 0.03029
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2015/01/21 12:0 a.m. | 3 views

UBUNTU-CVE-2015-1196

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file...

CVSS 4.3 | AI score 6.9 | EPSS 0.06096
Exploits: 1 | References: 3

OSV
added 2015/01/15 3:59 p.m. | 4 views

CVE-2015-0552

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."...

AI score 6.6
Exploits: 0 | References: 5

OSV
added 2015/01/15 3:59 p.m. | 1 views

DEBIAN-CVE-2015-0552

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."...

CVSS 6.4 | AI score 7.2 | EPSS 0.02791
Exploits: 1 | References: 1

CNVD
added 2015/01/08 12:0 a.m. | 2 views

Kofax e-Transactions Sender Sendbox File Injection Vulnerability

Kofax e-Transactions Sender Sendbox is an add-on application to a suite of Kofax conversion modules from Kofax USA that automates the electronic transfer of documents to business processes via secure e-mail. A file injection vulnerability exists in Kofax e-Transactions Sender Sendbox, which allow...

CVSS 6.4 | AI score 7.5 | EPSS 0.01229
Exploits: 1 | References: 1

CVE
added 2015/01/01 2:0 a.m. | 42 views

CVE-2011-5291

The CVE-2011-5291 entry concerns Ashampoo 3D CAD Professional (3.x) before 3.0.2, where the SaveData method of the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx allows a remote attacker to write arbitrary files by supplying a pathname as the first argument. The vulnerability is rooted in...

CVSS 6.4 | AI score 7 | EPSS 0.01229
Exploits: 1 | References: 1 | Affected Software: 1

Check Point Advisories
added 2014/12/28 12:0 a.m. | 7 views

ActiveBar ActiveX Method Arbitrary File Write - Ver2 (CVE-2007-3883)

An Overwrite Files vulnerability has been reported in The Data Dynamics ActiveBar ActiveX control. Successful exploitation of this vulnerability could allow a remote attacker to create or overwrite files via a full pathname in the second argument to the Save method, or the first argument to the...

CVSS 5.1 | AI score 6.2 | EPSS 0.082
Exploits: 0

CVE
added 2014/12/12 3:0 p.m. | 77 views

CVE-2014-6407

CVE-2014-6407 affects Docker up to 1.3.2, where attackers could write arbitrary files and execute code via a symlink or hard link attack in an image archive during pull or load. Evidence from connected docs shows fixed in the openSUSE/SUSE docker 1.3.2 update (docker-docker-stable forks) addressi...

CVSS 7.5 | AI score 8.2 | EPSS 0.04909
Exploits: 0 | References: 6 | Affected Software: 1

RedHat Linux
added 2014/12/03 5:21 p.m. | 1 views

wget: FTP symlink arbitrary filesystem access

A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode using the '-m' command line option to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution...

CVSS 9.3 | AI score 7.7 | EPSS 0.39883
Exploits: 4 | References: 4

seebug.org
added 2014/11/13 12:0 a.m. | 57 views

Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities

No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20141106-0. title: XXE & XSS & Arbitrary File Write vulnerabilities; product: Symantec Endpoint Protection; vulnerable version: 12.1.4023.4080...

CVSS 7.5 | AI score 6.5 | EPSS 0.28759
Exploits: 23

securityvulns
added 2014/11/10 12:0 a.m. | 60 views

SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection

SEC Consult Vulnerability Lab Security Advisory 20141106-0. title: XXE & XSS & Arbitrary File Write vulnerabilities; product: Symantec Endpoint Protection; vulnerable version: 12.1.4023.4080; fixed version: 12.1.5 RU 5; impact:...

CVSS 7.5 | AI score 0.6 | EPSS 0.28759
Exploits: 23

Tenable Nessus
added 2014/11/10 12:0 a.m. | 35 views

Symantec Endpoint Protection Manager < 12.1 RU5 Multiple Vulnerabilities (SYM14-015)

The version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is 12.1 prior to 12.1 RU5. It is, therefore, affected by the following vulnerabilities: - An XML external entity (XXE) injection vulnerability due to improper validation of XML external entities. A remote attacke...

CVSS 7.5 | AI score 5.8 | EPSS 0.08541
Exploits: 9 | References: 4