CVE-2011-4578

CVE-2011-4578 affects the acpid (aka acpid2) package: the file event.c executes event-handler scripts without a proper umask prior to version 2.0.11. This may allow a local attacker to either (1) write into directories created by a script or (2) read files created by a script via standard filesys...

[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0

waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE:...

Invision Power Board 3.3/3.2.3 本地文件包含漏洞

Bugtraq ID: 52998 CVE ID：CVE-2012-2226 Invision Power Board是一款基于PHP的论坛程序 Invision Power Board多个脚本不正确过滤用户提交的输入，攻击者可以利用漏洞提交恶意请求包含本地文件，获得敏感信息 0 Invision Power Board 3.3 Invision Power Board 3.2.3 厂商解决方案 Invision Power Board ----- 用户可参考如下供应商提供安全公告获得补丁信息：...

Invision Power Board 3.3.0 - Local File Inclusion

Invision Power Board 3.3.0 - Local File Inclusion waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 ======================================================================== ======= Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web:...

CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications aka krb5-appl 1.0.1 and earlier does not check the krb5setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP...

360 Web Manager 3.0 Multiple vulnerabilities

Exploit for php platform in category web applications Exploit Title: Multiple vulnerabilities in 360 Web Manager 3.0 Google Dork: "Powered by 360 Web Manager 3.0" Date: 15/04/2011 Author: Ignacio Garrido Contact: email protected Software Link: www.360webmanager.com Version: v3.0 Tested on: Linux...

360 Web Manager 3.0 - Multiple Vulnerabilities

Exploit Title: Multiple vulnerabilities in 360 Web Manager 3.0 Google Dork: "Powered by 360 Web Manager 3.0" Date: 15/04/2011 Author: Ignacio Garrido Contact: [email protected] Software Link: www.360webmanager.com Version: v3.0 Tested on: Linux 2.6.18 Vulnerability description: 360 Web Manager 3....

7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities

7-Technologies IGSS 9.00.00.11059 - Multiple Vulnerabilities Sources: http://aluigi.org/adv/igss1-adv.txt http://aluigi.org/adv/igss2-adv.txt http://aluigi.org/adv/igss3-adv.txt http://aluigi.org/adv/igss4-adv.txt http://aluigi.org/adv/igss5-adv.txt http://aluigi.org/adv/igss6-adv.txt...

siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities

siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities Sources: http://aluigi.org/adv/factorylink1-adv.txt http://aluigi.org/adv/factorylink2-adv.txt http://aluigi.org/adv/factorylink3-adv.txt http://aluigi.org/adv/factorylink4-adv.txt http://aluigi.org/adv/factorylink5-adv.txt...

NetBSD Larn 'Games'组本地特权提升漏洞

Bugtraq ID: 44293 NetBSD是一款基于BSD的操作系统。 当game从setuid更改为setgid时larn没有进行更新-把用户IDs替代为组IDs，这意味着当试图下降到低特权级别时，没有任何事情发生。因此game一直以game组权限运行，并可以games组权限进行各种如写或保存文件操作。 保存文件可写入/var/games可覆盖或破坏属于其他游戏的文件。 NetBSD 4.0 厂商解决方案 已经修补的源文件可从NetBSD CVS库中获得： CVS branch file revision ------------- ----------------...

Windows-Movie-Maker

The vulnerable part starts at “IsValidWMToolsStream” function. In this function new is used two times for allocating space. In both cases, values of Size needed for allocating memory is read from .mswmm file. Successfully exploiting this issue allows remote attackers to cause denial-of-service...

Design/Logic Flaw

Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch...

Unrestricted File I/O can be used by Widgets to execute arbitrary code – Opera Security Advisories

Unrestricted File I/O can be used by Widgets to execute arbitrary code – Opera Security Advisories OPCOM Team | June 29, 2010 Severity Highly severe Description Widgets may use File I/O to create, read, modify, or delete files, with the user’s permission. When using this functionality, Opera shou...

CVE-2010-0992

Multiple cross-site request forgery CSRF vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that 1 upload image files, 2 delete image files, or 3 create blocks...

CVE-2009-3478

Argument injection vulnerability in 1 src/content/js/connection/sftp.js and 2 src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...

CVE-2009-2488

Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv102 through snv119, allows local users to cause a denial of service client panic via vectors involving "file operations."...

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Vulnerability

No description provided by source...

Debian DSA-1799-1 : qemu - several vulnerabilities

Several vulnerabilities have been discovered in the QEMU processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-0928 Ian Jackson discovered that range checks of file operations on emulated disk devices were insufficiently enforced. -...

DSA-1799-1 qemu - several vulnerabilities

Bulletin has no description...

CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...