996 matches found
php: pcntl_exec() accepts paths with NUL character
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
Debian DSA-3284-1 : qemu - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a gues...
Debian Security Advisory DSA 3285-1 (qemu-kvm - security update)
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-3209 Matt Tait of Google...
OSSEC 2.8.1 Local Root Escalation
Fix for CVE-2015-3222, which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1. Beginning in OSSEC 2.7 (d88cf1c9) a feature was added to syscheck, which is the daemon that monitors file changes on a system, called...
php: move_uploaded_file() NUL byte injection in file name
It was found that PHP's move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
Threat Outbreak Alert RuleID8337: Email Messages Distributing Malicious Software on August 27, 2015
Severity: Medium. Alert ID: 39148. First Published: 2015 June 1 13:04 GMT. Last Updated: 2015 August 28 13:15 GMT. Version: 30. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID87337 and...
JVN#20133698: MailDealer vulnerable to cross-site scripting
MailDealer provided by RAKUS Co.,Ltd. contains a persistent cross-site scripting (CWE-79) vulnerability due to a flaw in processing file names of attachments. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version according to...
JVN#26860747: TransmitMail vulnerable to cross-site scripting
TransmitMail is a PHP based mail form. TransmitMail contains a cross-site scripting (CWE-79) vulnerability due to the processing of file names. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version according to the informatio...
UBUNTU-CVE-2015-2348
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...
setroubleshoot: command injection via crafted file name
It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command...
BitDefender Antivirus Logging Function Format String - Ver2 (CVE-2005-3154)
The SOFTWIN BitDefender Antivirus AV product is an anti-virus scanner capable of on-demand as well as email scanning operations. The AV scanner logs by default all results of scans that it performs on the host machine. The logs include positive as well as negative virus pattern matches. There exists...
GLPI 0.85.2 Shell Upload / Privilege Escalation
Multiple vulnerabilities have been identified in GLPI (http://www.glpi-project.org). 1/ Arbitrary file upload. Severity: Important. Versions Affected: All versions between 0.85 and 0.85.2. Description: When a user wants to create a new ticket, he has the possibility to add an...
Threat Outbreak Alert RuleID8337KVR: Email Messages Distributing Malicious Software on August 22, 2016
Severity: Medium. Alert ID: 37483. First Published: 2015 February 16 15:48 GMT. Last Updated: 2016 August 24 11:37 GMT. Version: 25. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID8337...
php: gd extension NUL byte injection in file names
It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions...
ownCloud Multiple Vulnerabilities-04 (Jul 2014)
ownCloud is prone to multiple vulnerabilities.
Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit
No description provided by source.
ReiserFS 3.5.28 Kernel Oops and Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2180/info ReiserFS is a file system alternative to the Linux ext2 file system. It was originally written by Hans Reiser, and is freely available and publicly maintained. A problem has been reported in the handling of long...
openSUSE Security Update : gnash (openSUSE-SU-2012:0369-1)
gnash used predictable and world readable temporary file names to store HTTP cookies. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-164.
openSUSE Security Update : kvm (openSUSE-2012-84)
avoid buffer overflow in e1000 device emulation bnc740165 - Fix dictzip with long file names. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-84.