MGASA-2014-0089 Updated python-numpy packages fix security vulnerabilities

f2py insecurely used a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py CVE-2014-1858, CVE-2014-1859...

MGASA-2014-0047 Updated flite package fixes CVE-2014-0027

Updated flite packages fix security vulnerability: The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav CVE-2014-0027...

Koha Multiple Vulnerabilities (Feb 2014) - Active Check

Koha is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:koha:koha"; if description...

CVE-2014-1833

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink...

UBUNTU-CVE-2014-1833

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink...

Design/Logic Flaw

The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file...

CVE-2013-7135

The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file...

CVE-2014-0027

The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...

Information disclosure

The playwavefromsocket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information...

CVE-2013-5364

Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csiaconfig.xml, which allows local users to change CSI Agent configuration by modifying this file...

PT-2014-3437 · Festvocal · Flite

Name of the Vulnerable Software and Affected Versions: Flite version 1.4 Description: The issue allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. This is due to a problem in the play wave from socket function in audio/auserver.c. Recommendations: For Flite version...

Synology DiskStation Manager arbitrary file modification

Overview Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description CWE-284: Improper Access Control - CVE-2013-6955Synology DiskStation Manager...

ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)

The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the tzfileread function that allows a denial of service or arbitrary code execution. CVE-2009-5029 - An error exists in the glibc library related ...

CVE-2012-4121

Cisco NX-OS contains a local-privilege-escalation flaw in the Stream Editor (sed) usage via the r and w commands. The issue is tied to input-validation problems, enabling an authenticated, local attacker to read or modify arbitrary files on the device. Documents reference Bug IDs CSCts56559, CSCt...

CVE-2012-4095

The local file editor in the fabric-interconnect component in Cisco Unified Computing System UCS allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521...

CVE-2012-4096

The local file editor in the Baseboard Management Controller BMC in Cisco Unified Computing System UCS allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574...

Cisco Unified Computing System FTP User Vulnerability

A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...

CVE-2012-4088

The FTP server in Cisco Unified Computing System UCS has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769...

ProFTPD: Multiple vulnerabilities

Background ProFTPD is an advanced and very configurable FTP server. Description Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly execute arbitrary code with the privileges o...

KLA10351 Multiple vulnerabilities in Symantec Backup Exec

Multiple serious vulnerabilities have been found in Symantec Backup Exec. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, read-write backup files, inject scripts and execute arbitrary code Below is a complete list of vulnerabilities 1...