Symantec Endpoint Protection 12.1.4023.4080 XXE / XSS / Arbitrary File Write

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080 fixed version: 12.1.5 RU 5 impact: Critical CVE...

Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080 fixed version: 12.1.5 RU 5 impact: Critical CVE...

Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities

Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable...

Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities

Exploit for jsp platform in category web applications title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080 fixed version: 12.1.5 RU 5 impact: Critical CVE number: CVE-2014-3437, CVE-2014-3438, CVE-2014-3439 homepage:...

Symantec Endpoint Protection Manager Multiple Issues

SUMMARY The management console for Symantec Endpoint Protection Manager SEPM is susceptible to multiple vulnerabilities including XML External Entity Injection, reflected cross-site scripting and the potential for arbitrary file write/overwrite. AFFECTED PRODUCTS Product | Version | Build |...

wget: FTP symlink arbitrary filesystem access

A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode using the '-m' command line option to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution...

DEBIAN-CVE-2014-4877

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the...

CVE-2014-3697

The CVE-2014-3697 issue affects Pidgin for Windows, where the untar_block function in win32/untar.c allows absolute path traversal via a tar archive’s drive name in a smiley theme. This enables remote attackers to write files to arbitrary locations on the victim system. Public references indicate...

DEBIAN-CVE-2014-7206

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file...

UBUNTU-CVE-2014-7206

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file...

DEBIAN-CVE-2014-1875

The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file...

(0Day) Hewlett-Packard Data Protector Cell Request Service Opcode 1091 Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within crs.exe which listens by default on a random TCP port. When parsing...

SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::EXE...

Fly-High CMS 2012-07-08 - Unrestricted File Upload Exploit

No description provided by source. ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : Fly-High CMS...

PHP 5.3.0 - pdflib Arbitrary File Write

No description provided by source. Description: ------------ Via this bug , attacker can save a file in path that not allowed in openbasedir . Reproduce code: --------------- ?php // Author : Sina Yazdanmehr R3d.W0rm ; Our Site : http://IrCrash.com if!extensionloaded'pdf' die'pdf extension requir...

PhpTax 0.8 - File Manipulation(newvalue,field) Remote Code Execution

No description provided by source. ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : PhpTax File...

SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write Vulnerability

No description provided by source. ''' Title: SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write Vulnerability Date: 2-21-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.solidworks.com/sw/products/product-data-management/workgroup-pdm.htm Tested on:...

MobileCartly 1.0 Arbitrary File Write Vulnerability

No description provided by source. ----------------------------------------------------------- / | | | | | | | | | | | | | | | | | / |/ |/ \ | | || | || | | | | / | ||\,|,||| ----------------------------------------------------------- MobileCartly 1.0 Arbitrary File Write Vulnerability Bug...

Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService WriteToFile Message RCE

No description provided by source. Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService WriteToFile Message Remote Code Execution Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Oracle WebLogic Server 12c 12.1.1 Oracle Business Transaction Management Server...

AlienVault OSSIM av-centerd Util.pm set_file Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the av-centerd SOAP service. The issue lies in the handling of setfile requests...