VMware ESX / ESXi Arbitrary File Modification (VMSA-2013-0016) (remote check)
The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by an arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files.
CVE-2015-8150
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file...
OpenSMTPD has multiple vulnerabilities
OpenSMTPD is a free server-side implementation of the SMTP protocol. OpenSMTPD suffers from stack overflow, memory corruption, and symbolic link attack vulnerabilities that could be exploited by remote attackers to submit a special request for a denial-of-service attack, crash an application, or...
CVE-2015-1002
IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string...
Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability (cisco-sa-20151007-vcs)
A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system.
Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability
A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could...
Zen Cart 1.5.4 Code Execution / Information Disclosure
Zen Cart 1.5.4: Code Execution and Information Leak Security Advisory – Curesec Research Team 1. Introduction Affected Product: Zen Cart 1.5.4 Fixed in: partial fix via patch Partial Patch Link: https://www.zen-cart.com/showthread.php?218239-curesec-security-report-Patch-Included Vendor Contact:...
A vulnerability in the firmware of the Cisco TelePresence Video Communication Server allows an intruder to gain root user privileges.
A vulnerability in the CLI component of the firmware for Cisco TelePresence Video Communication Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating locally, to gain root user privileges by modifying...
BusyBox DNS Configuration
This module will be applied on a session connected to a BusyBox shell. It allows setting the DNS server on the device executing BusyBox so that it will be sent by the DHCP server to network hosts. This module requires Metasploit: https://metasploit.com/download Current source:...
Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to generate malformed Domain-Based Message Authentication, Reporting, and Conformance (DMARC) policy records to the targeted system. The vulnerability occurs because the affected ESA is not abl...
DEBIAN-CVE-2015-3902
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
Code injection
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files...
ECStore open source online shop system: arbitrary file modification vulnerability leading to a shell
Brief description: In the template editor's file edit function, the restriction on which files can be edited is not strict, so any file present on the system may be modified. Detailed description: In the file editing function, select the file to modify, here an image template file, then upload the...
FineCMS lightweight version: CSRF vulnerability allows adding an administrator in the back end and planting an arbitrary defacement page
2. Capture and intercept the request. No verification. 3. The structure of the for...
Researchers: PlugX More Prominent Than Ever
Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups. Many attacks, especially those occurring during the latter...
Design/Logic Flaw
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file...
CVE-2013-5758
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...
WordPress TimThumb WebShot Vulnerability Code Execution
A vulnerability in TimThumb's "Webshot" feature allows for certain commands to be remotely executed on vulnerable websites with no authentication. An attacker can create, remove and modify any files on the affected server...
Updated dpkg packages fixes security vulnerabilities
Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked (CVE-2014-0471). Multiple vulnerabilities were discovered in dpkg...