Vulnerability of the PHP interpreter and the Mac OS X operating system, allowing attackers to execute arbitrary code

The vulnerability of the Phar extension in PHP interpreters and the Mac OS X operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file name...

GraphicsMagick and ImageMagick Code Execution Vulnerabilities

GraphicsMagick is a set of simple image processing tools, the tool to the image to provide resizing, rotation, highlighting and other functions.ImageMagick is the U.S. ImageMagick Studio, Inc. of a set of open-source image processing software, the software can read, convert, write a variety of...

Automattic: WordPress core stored XSS via attachment file name

I think there's a problem with missing HTML encoding of attachment file names. A user with the capability to create attachments could compromise other accounts including administrator by injecting HTML tags in the file name. Creating attachment with arbitrary filenames is possible at least via th...

CVE-2016-1236

Multiple cross-site scripting XSS vulnerabilities in 1 revision.php, 2 log.php, 3 listing.php, and 4 comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a a file or b directory in a repository...

UBUNTU-CVE-2016-1236

Multiple cross-site scripting XSS vulnerabilities in 1 revision.php, 2 log.php, 3 listing.php, and 4 comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a a file or b directory in a repository...

UBUNTU-CVE-2015-0857

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a 1 tar file or 2 file within a tar file...

DEBIAN-CVE-2015-0857

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a 1 tar file or 2 file within a tar file...

GRR Authentication Bypass Vulnerability

GRR is an open source resource management tool. GRR suffers from an authentication bypass vulnerability that allows an attacker to upload malicious files and execute malicious code due to the lack of filtering of file names uploaded by the user...

The vulnerabilities of the Xymon network monitoring software allow a intruder to trigger a service failure or execute arbitrary code.

Multiple vulnerabilities in the xymond/xymond.c program of the Xymon network monitoring tool are caused by buffer overflow attacks. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a system crash due to the use of a long file name, which is...

TarDiff Command Injection Vulnerability

TarDiff is a package comparison tool developed by software developer Josef Spillner. A command injection vulnerability exists in TarDiff. The vulnerability can be exploited to inject arbitrary shell commands by using shell metacharacters in tar file names or filenames in tar files...

Apache Jetspeed Multiple Vulnerabilities (Mar 2016)

Apache Jetspeed is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:jetspeed"; if...

Arbitrary File Write

Overview Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of...

Fedora 23 : perl-IPTables-Parse-1.5-2.fc23 (2015-0c153d3319)

Update to IPTables-Parse-1.5 - Fix use of predictable temporary file names Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Threat Outbreak Alert RuleID4961KVR: Email Messages Distributing Malicious Software on September 24, 2016

Medium Alert ID: 43657 First Published: 2016 February 22 21:55 GMT Last Updated: 2016 October 3 12:49 GMT Version: 46 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID4961...

CVE-2016-1490

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list...

CVE-2016-1490

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list...

Design/Logic Flaw

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list...

CVE-2016-1490

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list...

Threat Outbreak Alert RuleID20491: Email Messages Distributing Malicious Software on February 20, 2016

Medium Alert ID: 43058 First Published: 2016 January 19 13:31 GMT Last Updated: 2016 February 22 16:57 GMT Version: 6 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID20491...

Pitivi Arbitrary Command Execution Vulnerability

Pitivi is a suite of open source video editing software written in Python and based on GStreamer and GTK+. The software provides a timeline in order to achieve complete control over the video. A security vulnerability exists in Pitivi versions prior to 0.95, which stems from an error in the...