Microsoft Virtual Hard Disk Driver Multiple Vulnerabilities (3199647)
This host is missing an important security update according to Microsoft Bulletin MS16-138. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
VHD Driver Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the...
Oracle MySQL 5.6.x < 5.6.34 Multiple Vulnerabilities
[SECURITY] [DSA 3702-1] tar security update
Debian Security Advisory DSA-3702-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 01, 2016 https://www.debian.org/security/faq ...
Remote code execution
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution...
CVE-2016-1000031
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution...
Fedora 23 : php (2016-0729e59542)
13 Oct 2016 - PHP version 5.6.27. Core: - Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb) - Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol) - Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol) - Fixed...
Advantech WebAccess Vulnerabilities
OVERVIEW Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher have identified multiple vulnerabilities in Advantech WebAccess application. Many of these vulnerabilities were reported through the Zero Day...
CVE-2016-8565
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets...
Information disclosure
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets...
CVE-2016-8565
Siemens ALM (Automation License Manager) vulnerable to a remote path-traversal flaw in all versions before 5.3 SP3 Update 1. A remote attacker can send crafted packets to ALM to write/rename files, create or delete directories. Remediation: update to ALM version 5.3 SP3 Update 1; restrict access ...
FreePBX Remote Command Execution
Title : Freepbx =begin Freepbx 13.x are vulnerable to Remote command execution due to the insufficient sanitization of the user input fields language, destination and also due to the lack of good authentication checking Technical details Vulnerable file :...
FreePBX 13.0.188 - Remote Command Execution (Metasploit)
FreePBX 13.0.188 - Remote Command Execution (Metasploit) Title : Freepbx =begin Freepbx 13.x are vulnerable to Remote command execution due to the insufficient sanitization of the user input fields language, destination and also due to the lack of good authentication checking Technical details...
W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download
When you're creating a support ticket in the plugin page, you can add one or more of your template themes. Then this file will be sent to the author to help him resolve the issue. Now you select one, you send the form and same as for the files before, you will send it to the author to help...
MuM Map Edit 3.2.6.0 SQL Injection / File Manipulation / Poor Practices
Security Advisory -- Multiple Vulnerabilities - MuM Map Edit Product Vendor: Mensch und Maschine Software SE / Mensch und Maschine acadGraph GmbH Product: MapEdit Affected software version: 3.2.6.0 MuM MapEdit provides geodata to the internet and intranets and is deployed on several communal and...
CentOS 7 : libtiff (CESA-2016:1546)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2016:1546 advisory. - Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to...
Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter — Mozilla
Security researcher Holger Fuhrmannek reported that when the Updater is opened directly using the callback application path parameter, a copy of a user specified file is made as a callback file. If the target of this file is made with a locked hardlink, an arbitrary local file can be replaced on...
Information disclosure and local file manipulation through drag and drop — Mozilla
Security researcher Rafael Gieschke reported that file URIs dragged from a web page in Firefox to other software do not have their contents properly filtered before being passed to other programs, such as the local file manager. This can allow for the theft or manipulation of arbitrary local file...