Lucene search

2494 matches found

Prion
added 2008/06/04 8:32 p.m. | 22 views

Code injection

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications...

7.5 CVSS | 7.3 AI score | 0.02465 EPSS
Exploits 0 | References 6 | Affected Software 1
CVE
added 2008/06/03 2:0 p.m. | 59 views

CVE-2008-2519

CVE-2008-2519 is a directory traversal vulnerability in Core FTP client 2.1 Build 1565. An attacker-controlled LIST response with .. sequences can cause the FTP server to create or overwrite arbitrary files on the affected client, potentially enabling code execution by writing to the Startup fold...

6.8 CVSS | 7.2 AI score | 0.02348 EPSS
Exploits 1 | References 6 | Affected Software 1
Cvelist
added 2008/06/03 2:0 p.m. | 28 views

CVE-2008-2519

Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup...

7 AI score | 0.02348 EPSS
Exploits 1 | References 6
Tenable Nessus
added 2008/05/22 12:0 a.m. | 16 views

CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO92996)

According to its version, the installation of BrightStor ARCserve Backup on the remote host is affected by multiple issues: - A vulnerability in 'caloggerd' could allow an unauthenticated attacker to append data to arbitrary files on the server using log messages with directory traversal...

10 CVSS | 6.1 AI score | 0.14716 EPSS
Exploits 9 | References 8
seebug.org
added 2008/05/02 12:0 a.m. | 13 views

dedecms v5.1 WriteBookText() code injection vul

\\include\\incbookfunctions.php --------------------------------------------------- …… function WriteBookText$cid,$body global $cfgcmspath,$cfgbasedir; $ipath = $cfgcmspath.\"/data/textdata\"; $tpath = ceil$cid/5000; if!isdir$cfgbasedir.$ipath...

7.1 AI score
Exploits 0
Tenable Nessus
added 2008/04/25 12:0 a.m. | 32 views

HP HPeDiag ActiveX Control Multiple Vulnerabilities

The remote host contains the HP Software Update software, installed by default on many HP notebooks to support automatic software updates and vulnerability patching. The version of this software on the remote host includes an ActiveX control, 'HpeDiag', that reportedly contains multiple insecure...

6.8 CVSS | 5.8 AI score | 0.04697 EPSS
Exploits 4 | References 2
OSV
added 2008/03/31 10:44 p.m. | 3 views

CVE-2008-1570

Race condition in the createlockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569...

6.2 AI score
Exploits 0 | References 5
CVE
added 2008/03/31 10:0 p.m. | 45 views

CVE-2008-1569

CVE-2008-1569 affects policyd-weight (0.1.14 beta-16 and earlier). A local attacker can exploit insecure temporary file handling used when creating a socket, via a symlink attack on the /tmp/.policyd-weight/ directory, potentially deleting arbitrary files or changing ownership to the polw user. R...

3.3 CVSS | 6 AI score | 0.0043 EPSS
Exploits 1 | References 9 | Affected Software 1
UbuntuCve
added 2008/03/20 12:44 a.m. | 24 views

CVE-2008-1363

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a...

7.2 CVSS | 5.8 AI score | 0.00423 EPSS
Exploits 1 | References 1
RedHat Linux
added 2008/03/11 2:9 p.m. | 56 views

Moderate: Red Hat Security Advisory: java-1.4.2-bea security update

Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the...

9.3 CVSS | 6.3 AI score | 0.18185 EPSS
Exploits 0 | References 11
Exploit DB
added 2008/03/11 12:0 a.m. | 38 views

Motorola Timbuktu Pro 8.6.5 - File Deletion/Creation

!/usr/bin/perl ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO Timbuktu Pro = 8.6.5 Arbitrary File Deletion/Creation Bug & Exploit by titon titonatbastardlabsdotcom Advisory: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=590 Copyright: c2007 BastardLabs...

7.4 AI score
Exploits 0
Tenable Nessus
added 2008/03/07 12:0 a.m. | 25 views

GLSA-200803-09 : Opera: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200803-09 (Opera: Multiple vulnerabilities). Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path (CVE-2008-1080). Max Leonov found out that image comments might...

6.8 CVSS | 5.6 AI score | 0.02501 EPSS
Exploits 0 | References 4
seebug.org
added 2008/03/06 12:0 a.m. | 28 views

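Adobe Acrobat Reader acroread Insecure Temporary File Creation Vulnerability

BUGTRAQ ID: 28091 CVECAN ID: CVE-2008-0883 Acrobat Reader is a popular PDF file reader. The acroread script in Adobe Reader does not handle temporary files securely when processing the installCertificate option, which allows local attackers to overwrite or delete arbitrary files via a symlink attack combined with a race condition. Adobe Acrobat Reader 8.1.2 Vendor patch: Adobe ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://support.novell.com/linux/psdb/sources.html...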

3.7 CVSS | 6.3 AI score | 0.0077 EPSS
Exploits 1
NVD
added 2008/02/29 7:44 p.m. | 22 views

CVE-2007-6017

The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of servi...

5.1 CVSS | 7.1 AI score | 0.0306 EPSS
Exploits 1 | References 11
OpenVAS
added 2008/02/28 12:0 a.m. | 33 views

Debian Security Advisory DSA 1502-1 (wordpress)

The remote host is missing an update to wordpress announced via advisory DSA 1502-1. OpenVAS Vulnerability Test $Id: deb15021.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1502-1 wordpress Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

7.5 CVSS | 0.3 AI score | 0.052 EPSS
Exploits 3
NVD
added 2008/02/06 9:0 p.m. | 26 views

CVE-2008-0631

Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method...

4.3 CVSS | 6.8 AI score | 0.03556 EPSS
Exploits 1 | References 3
Prion
added 2008/02/06 9:0 p.m. | 17 views

Security feature bypass

Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method...

4.3 CVSS | 7.4 AI score | 0.03556 EPSS
Exploits 1 | References 3 | Affected Software 1
0day.today
added 2008/01/28 12:0 a.m. | 16 views

MailBee Objects 5.5 (MailBee.dll) Remote Insecure Method Exploit

Exploit for unknown platform in category remote exploits ================================================================ MailBee Objects 5.5 MailBee.dll Remote Insecure Method Exploit ================================================================...

7.1 AI score
Exploits 0
OpenVAS
added 2008/01/17 12:0 a.m. | 26 views

Debian Security Advisory DSA 999-1 (lurker)

The remote host is missing an update to lurker announced via advisory DSA 999-1. Several security related problems have been discovered in lurker, an archive tool for mailing lists with integrated search engine. The Common Vulnerability and Exposures project identifies the following problems:...

5 CVSS | 0.1 AI score | 0.01965 EPSS
Exploits 0
PyPA
added 2008/01/12 2:46 a.m. | 6 views

PYSEC-2008-3

Directory traversal vulnerability in the getfilepath function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...

7.5 CVSS | 7.1 AI score | 0.02647 EPSS
Exploits 1 | References 19 | Affected Software 1