2666 matches found
Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 File Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5502/info Reportedly, it is possible for an administrator to manipulate (create, modify, etc.) files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php' script. The vulnerability is...
Internet Explorer 5, Firefox 0.8, OmniWeb 4.x URI Protocol Handler Arbitrary File Creation/Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10336/info A vulnerability has been identified in multiple products from multiple vendors that may allow a remote attacker to create or modify arbitrary files; these issues relate to the processing of URI requests via...
Microsoft IIS 4.0/5.0 Executable File Parsing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed...
Alice 2.2 - Arbitrary Code Execution Exploit
No description provided by source. Title: Alice 2.2 Arbitrary Code Execution Exploit Date: Dec 5, 2010 Author: Rew Email: rew splat leethax.info Link: http://alice.org/index.php Version: 2.2 Windows Tested on: WinXP CVE: NA 0day This was a fun one to...
CGIScript.net csPassword.CGI 1.0 HTAccess File Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4888/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible...
Ben Chivers Easy Homepage Creator 1.0 File Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5340/info The vulnerability has been reported for Easy Homepage Creator. It is possible for an attacker to modify any user's home page. The vulnerability is the result of Homepage Creator failing to properly authenticate...
QNX RTOS 4.25 monitor Arbitrary File Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line...
OpenVMS 5.3/6.2/7.x UCX POP Server Arbitrary File Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5790/info An issue with the UCX POP (Post Office Protocol) server used by OpenVMS has been reported. It is possible for a malicious local user to overwrite arbitrary files on the filesystem by exploiting a vulnerability in t...
NConf 1.3 Arbitrary File Creation
No description provided by source. Exploit Title: nconf file read and write exploit Date: 2013/1/20 Exploit Author: [email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Version: nconf 1.3 Tested on: Server: Apache/2.2.15 Centos PHP/5.3.3 nconf can modify th...
MobileCartly 1.0 Arbitrary File Write Vulnerability
No description provided by source. MobileCartly 1.0 Arbitrary File Write Vulnerability Bug...
QNX RTOS 4.25 dumper Arbitrary File Modification Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4904/info When creating memory dump files, the QNX RTOS debugging utility 'dumper' follows symbolic links. It also sets ownership of the file to the userid of the terminated process. It is possible for malicious local...
DSA-2953-1 dpkg - security update
Bulletin has no description...
Debian Security Advisory DSA 2953-1 (dpkg - security update)
Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking source packages with specially crafted patch files. This update had been scheduled before the end of security support for the oldstable distribution squeeze, hence an exception has...
Debian: Security Advisory (DSA-2953-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-3836
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors...
CVE-2014-3836
ownCloud Server
CVE-2014-3865
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a...