2666 matches found
CVE-2010-4338
ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine...
CVE-2010-1679
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package...
Directory traversal
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory...
CVE-2010-1679
CVE-2010-1679 describes a directory-traversal flaw in dpkg-source (dpkg prior to 1.14.31 and 1.15.x) where a patch for a source-format 3.0 package can be exploited to modify arbitrary files. The root cause is insufficient validation of patch-driven file paths during source-package processing, ena...
CVE-2010-4068
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714...
CVE-2010-4068
CVE-2010-4068 describes a vulnerability in the TYPO3 Extension Manager. Affected products/versions are TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4. The issue allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, d...
CVE-2010-3733
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file...
Code injection
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions 777 in unspecified folders, which allows local users to modify, create, or delete certain files...
Code injection
The EMC Celerra Network Attached Storage NAS appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests...
DEBIAN-CVE-2009-4896
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful mlmmj 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. dot d...
HP-UX Update for Tomcat Servlet Engine HPSBUX02541
Check for the Version of Tomcat Servlet Engine. OpenVAS Vulnerability Test: HP-UX Update for Tomcat Servlet Engine HPSBUX02541. Authors: System Generated Check. Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...
Kaspersky Antivirus Code Injection
Hello Bugtraq. I write to notify a vulnerability in Kaspersky Antivirus that allows the code injection in the process that is executed in user's context, allowing: 1. The modification, creation and elimination of the values and keys in the Registration with respect to the configuration of the...
[ MDVSA-2010:074 ] kdebase
Mandriva Linux Security Advisory MDVSA-2010:074 http://www.mandriva.com/security/ Package: kdebase. Date: April 15, 2010. Affected: 2008.0, 2009.1, 2010.0, Corporate 4.0. Problem Description: A vulnerability has been found and corrected in kdm...
openSUSE Security Update : kde4-kdm (kde4-kdm-2134)
The KDE KDM contains a local race condition which allows arbitrary files to be made world-writable. CVE-2010-0436 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Directory traversal
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors...
CVE-2010-0396
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive...