3163 matches found
CVE-2017-6165
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between...
Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal
Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...
E-Sic Software livre CMS 'q' Parameter SQL Injection Vulnerability
E-Sic is a Brazilian electronic system for citizen information. A SQL injection vulnerability exists in E-Sic version 1.0. A remote attacker can exploit the vulnerability by sending the 'q' parameter to the file esiclivre/restrito/inc/lkpcep.php to execute arbitrary SQL commands...
Red Hat FreeIPA Arbitrary Certificate Issuance Vulnerability
Red Hat FreeIPA is an integrated security information management solution from Red Hat, Inc. The solution provides an easy-to-manage identity, policy and audit IPA suite for Linux and Unix computer networks. A security vulnerability in ipa-kra-install in Red Hat FreeIPA versions prior to 4.2.2...
Input validation
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary fi...
GLSA-201709-12 : Perl: Race condition vulnerability
The remote host is affected by the vulnerability described in GLSA-201709-12 (Perl: Race condition vulnerability). A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtree and removetree functions in the File-Path module before...
Perl: Race condition vulnerability
Background: File::Path module provides a convenient way to create directories of arbitrary depth and to delete an entire directory subtree from the filesystem. Description: A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtre...
Cougar-LG Insecure File Path Vulnerability
Cougar-LG is a set of web applications written in Perl for connecting to a router or console. A security vulnerability exists in the lg.pl file in Cistron-LG 1.01. A remote attacker could use this vulnerability to obtain IP addresses and other router credentials...
Cougar-LG Insecure Configuration File Path Vulnerability
Cougar-LG is a set of web applications written in Perl for connecting to a router or console. A security vulnerability exists in Cougar-LG. A remote attacker could exploit this vulnerability to obtain credentials...
UBUNTU-CVE-2013-7426
Insecure Temporary file vulnerability in /tmp/kamailiofifo in kamailio 4.0.1...
DEBIAN-CVE-2015-8621
t-coffee before 11.00.8cbe486-2 allows local users to write to /.tcoffee globally...
Fedora 26 : perl-File-Path (2017-4e981a51e6)
This release fixes a possible setting arbitrary mode on an arbitrary file in rmtree and removetree calls known as CVE-2017-6512. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...
ExpressionEngine: Image lib - unescaped file path
Under ./system/ee/legacy/libraries/Imagelib.php there are functions from CodeIgniter to manipulate images. The issue is that the PHP function exec is used two times in two different functions: imageprocessimagemagick and imageprocessnetpbm. In both cases the fullsrcpath and fulldstpath are given...
Directory Traversal
Overview: Affected versions of getcityapi.yoehoehne resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the...
Multiple Security Bypass Vulnerabilities in File-Path Module
File-Path is a module for creating and removing directory trees. A security vulnerability exists in the 'removetree' and 'rmtree' functions in versions of the File-Path module prior to 2.13. An attacker can exploit this vulnerability to set the mode of arbitrary files...
Fedora 24 : perl-File-Path (2017-212f07c853)
This release fixes a possible setting arbitrary mode on an arbitrary file in rmtree and removetree calls known as CVE-2017-6512. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...
Fedora 25 : perl-File-Path (2017-dd42592f9a)
This release fixes a possible setting arbitrary mode on an arbitrary file in rmtree and removetree calls known as CVE-2017-6512. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...
Fedora Update for perl-File-Path FEDORA-2017-212f07c853
The remote host is missing an update for the...
Fedora Update for perl-File-Path FEDORA-2017-dd42592f9a
The remote host is missing an update for the...
[SECURITY] Fedora 26 Update: perl-File-Path-2.12-367.fc26
This module provides a convenient way to create directories of arbitrary depth and to delete an entire directory subtree from the file system...