[SECURITY] [DSA 3721-1] tomcat7 security update
Debian Security Advisory DSA-3721-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3720-1] tomcat8 security update
Debian Security Advisory DSA-3720-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
DSA-3720-1 tomcat8 - security update
Bulletin has no description...
Debian Security Advisory DSA 3720-1 (tomcat8 - security update)
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
Debian Security Advisory DSA 3721-1 (tomcat7 - security update)
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
DSA-3721-1 tomcat7 - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3721-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-3720-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Microsoft Windows - VHDMP Arbitrary File Creation Privilege Escalation (MS16-138) Exploit
Exploit for windows platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=914 Windows: VHDMP Arbitrary File Creation EoP Platform: Windows 10 10586 and 14393. Unlikely to work on 7 or 8.1 as I think it’s new functionality Class: Elevation of...
USN-3096-1 ntp vulnerabilities
Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. CVE-2015-7973 Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue ...
CentOS 6 : libarchive (CESA-2016:1850)
An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
TarDiff User Privilege Gain Vulnerability
TarDiff is a package comparison tool developed by software developer Josef Spillner. A privilege escalation vulnerability exists in TarDiff that stems from its use of predictable temporary directories when unpacking tarballs. An attacker could exploit the vulnerability to overwrite files wi...
Between a Rock and a Hard Link
Posted by James Forshaw, File System Enthusiast In a previous blog post I described some of the changes that Microsoft has made to the handling of symbolic links from a sandboxed process. This has an impact on the exploitation of privileged file overwrites for sandbox escapes. Windows does suppor...
Mageia: Security Advisory (MGASA-2015-0364)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 20 : libvirt-1.1.3.1-1.fc20 (2013-20869)
Rebased to version 1.1.3.1 - CVE-2013-4400: virt-login-shell arbitrary file overwrites vulnerability (bz 1015228, bz 1025685) - Fix possible domain disappearance on libvirtd crash (bz 1015246) - Fix LXC container startup failure (bz 1014847) - Slim down libvirt LXC dependencies (bz 1012198) Note that...
Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities
Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-3382 It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an...
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Debian Security Advisory DSA-1447-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 03, 2008 http://www.debian.org/security/faq -...
Portcullis Security Advisory 06-039
Portcullis Security Advisory 06-039 Vulnerable System: Visionsoft Audit Vulnerability Title: The VSAOD server allows unauthenticated arbitrary file overwrites. Vulnerability Discovery and Development: Portcullis Security Testing Services during an application assessment. Further research was...
DEBIAN-CVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...
CVE-2005-0161
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames...