996 matches found

IBM Security Bulletins
added 2020/01/28 9:58 p.m., 20 views

Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12402)

Summary The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress...

7.5 CVSS | 0.9 AI score | 0.00419 EPSS
Exploits: 0 | Affected Software: 1
OpenVAS
added 2020/01/23 12:00 a.m., 13 views

Huawei EulerOS: Security Advisory for lftp (EulerOS-SA-2019-2165)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS | 6.6 AI score | 0.00748 EPSS
Exploits: 1 | References: 2
CNVD
added 2020/01/13 12:00 a.m., 1 view

LTSP LDM Elevation of Privilege Vulnerability

LTSP is a well-known Linux Terminal Server Project program that adds thin client support to Linux servers. An elevation of privilege vulnerability exists in LTSP LDM, which can be exploited by an attacker with certain privileges to gain privileges by performing a symbolic link attack on files wit...

7.8 CVSS | 7.5 AI score | 0.00158 EPSS
Exploits: 0 | References: 1
Veracode
added 2019/12/18 2:06 a.m., 16 views

Directory Traversal

typo3/cms is vulnerable to directory traversal. Manually uploaded Zip archives are not validated, which allows malicious file names containing the ../ characters. This could potentially result in system files being overwritten upon extraction...

7.2 CVSS | 4.2 AI score | 0.00374 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2019/12/18 12:00 a.m., 19 views

EulerOS 2.0 SP3 : lftp (EulerOS-SA-2019-2603)

According to the version of the lftp package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the...

7.8 CVSS | 6 AI score | 0.00748 EPSS
Exploits: 1 | References: 2
CNVD
added 2019/12/11 12:00 a.m., 1 view

Siemens SPPA-T3000 Information Disclosure Vulnerability (CNVD-2019-44777)

The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. An information disclosure vulnerability exists in the Siemens SPPA-T3000. An attacker can access paths and file names on the server by sending carefully crafted packets to...

5.3 CVSS | 6.3 AI score | 0.00181 EPSS
Exploits: 0 | References: 1
OSV
added 2019/12/05 5:15 p.m., 0 views

CVE-2019-7194

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions...

9.8 CVSS | 7.3 AI score | 0.93938 EPSS
Exploits: 8 | References: 3
Tenable Nessus
added 2019/12/04 12:00 a.m., 21 views

EulerOS 2.0 SP2 : lftp (EulerOS-SA-2019-2485)

According to the version of the lftp package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the...

7.8 CVSS | 6 AI score | 0.00748 EPSS
Exploits: 1 | References: 2
OSV
added 2019/11/22 7:15 p.m., 4 views

CVE-2014-6311

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8 CVSS | 6.9 AI score | 0.00506 EPSS
Exploits: 0 | References: 6
NVD
added 2019/11/22 7:15 p.m., 19 views

CVE-2014-6311

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8 CVSS | 9.6 AI score | 0.00506 EPSS
Exploits: 0 | References: 4
OSV
added 2019/11/22 7:15 p.m., 2 views

DEBIAN-CVE-2014-6311

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8 CVSS | 8.6 AI score | 0.00506 EPSS
Exploits: 0 | References: 1
OSV
added 2019/11/22 7:15 p.m., 1 view

UBUNTU-CVE-2014-6311

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8 CVSS | 7.3 AI score | 0.00506 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2019/11/22 7:15 p.m., 23 views

CVE-2014-6311

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8 CVSS | 7.2 AI score | 0.00506 EPSS
Exploits: 0 | References: 1
Prion
added 2019/11/22 7:15 p.m., 15 views

Code injection

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

5 CVSS | 7.2 AI score | 0.00506 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
CVE
added 2019/11/22 6:22 p.m., 114 views

CVE-2014-6311

The CVE-2014-6311 entry describes a privilege-escalation flaw in ace prior to 6.2.7+dfsg-2 where generate_doygen.pl creates predictable file names in /tmp. The documented impact is elevated privileges for attackers who can leverage these predictable names. Affected component: ace (script generate...

9.8 CVSS | 9.5 AI score | 0.00506 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2019/11/22 6:22 p.m., 19 views

CVE-2014-6311

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8 CVSS | 8.6 AI score | 0.00506 EPSS
Exploits: 0
Cvelist
added 2019/11/22 6:22 p.m., 15 views

CVE-2014-6311

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.6 AI score | 0.00506 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2019/11/05 9:03 p.m., 4 views

edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media

Buffer overflows were discovered in UDF-related code under MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe, which could be triggered with long file names or invalidly formatted UDF media...

9.8 CVSS | 7.3 AI score | 0.0028 EPSS
Exploits: 0 | References: 4
NVD
added 2019/10/31 4:15 p.m., 10 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks...

9.8 CVSS | 9.5 AI score | 0.00432 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2019/10/31 4:15 p.m., 22 views

CVE-2009-5043

burn allows file names to escape via mishandled quotation marks...

9.8 CVSS | 7.2 AI score | 0.00432 EPSS
Exploits: 0 | References: 1