2666 matches found
Design/Logic Flaw
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue...
Cross site request forgery (csrf)
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 aka MR1 SP3.2 and 2.2 before 2.2.0.19078 aka MR2 SP0.2 do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2)...
Checkpoint Abra - Multiple Vulnerabilities
Check Point Abra Vulnerabilities Author: Belov V., Komarov A. Group-IB, http://group-ib.ru Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Summary: Che...
Design/Logic Flaw
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods...
CVE-2011-4044
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods...
CVE-2011-4044
CVE-2011-4044 affects ARC Informatique PcVue (versions 6.0–10.0) with vulnerable SVUIGrd.ocx components in FrontVue/PlantVue. The flaw enables remote attackers to modify files or execute code by abusing SaveObject()/LoadObject() method handling, via a crafted aStream/function-pointer overwrite vu...
Ajax Upload - Arbitrary File Upload
Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested on: Linux Comment: Thanks to my friends: Hernan Jais, Alfon...
Ajax Upload - Arbitrary File Upload
Exploit Title: Ajax Upload Arbitrary File Upload Date: 30/01/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Ajax Upload http://valums.com/ajax-upload/ Tested on: Linux Comment...
CVE-2011-3479
Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 aka 12.5.x and 7.1 aka 12.6.x, uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file...
Design/Logic Flaw
Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 aka 12.5.x and 7.1 aka 12.6.x, uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file...
FTPS Cleartext Fallback Security Bypass
The remote FTPS server running on the remote host is affected by a security bypass vulnerability due to accepting unencrypted commands if SSL negotiations fail. A man-in-the-middle attacker can exploit this to intercept credentials and modify files. (C) Tenable Network Security, Inc...
WikkaWiki Multiple Security Vulnerabilities
WikkaWiki is prone to multiple security vulnerabilities, including: - An SQL injection vulnerability. - An arbitrary file upload vulnerability. - An arbitrary file deletion vulnerability. - An arbitrary file download vulnerability. - A PHP code injection vulnerability.
CVE-2011-3993
CVE-2011-3993 affects SKYARC System Co., Ltd. MTCMS (<= 5.252) and several Movable Type plugins (e.g., MultiFileUploader <= 0.44, MailPack <= 1.741, AutoTagging
GoDaddy websites Compromised with Malware
Many sites hosted on GoDaddy shared servers are getting compromised today with a conditional redirection to sokoloperkovuskeci.com. In all 445 cases, the .htaccess file (a main Apache web server configuration file) was modified to redirect users to a malware site...
Apache Tomcat 7.0.0 < 7.0.19 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.19_security-7 advisory. - Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled...
CVE-2011-2779
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...
Design/Logic Flaw
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...
CVE-2011-2145
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to...
Microsoft Office Excel Buffer Overflow
This is a PoC for MS11-021/CVE-2011-0978 Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow w3bd3vilatgmaildot.com twitter.com/w3bd3vil Modify bits at file location 0x39E7 0:000:x86 r eax=04dd6380 ebx=ffff5554 ecx=04ab5108 edx=00000000 esi=04ab4800 edi=ffff5554 eip=2f36a2fd...
Log1 CMS File Modification / Download
Log1 CMS 2.0 Multiple Vulnerabilities. Vulnerable Web-App : Log1 CMS 2.0 Vulnerability : Multiple Vulnerabilities. Author : Aodrulez. Atul Alex Cherian Email : [email protected] Google-Dork : "POWERED BY LOG...