777 matches found
Server: Bypass of file blacklist on Microsoft Windows Platform
A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud Server versions, when running on a Microsoft Windows Platform, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could...
Server: Bypass of file blacklist
A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud versions, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute...
CVE-2014-9044
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack...
Information disclosure
Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack...
Microsoft Windows Directory Traversal Elevation of Privilege (MS15-004; CVE-2015-0016)
An elevation of privilege vulnerability exists in Windows Components. The vulnerability is caused when Windows fails to properly sanitize file paths. An attacker can exploit this vulnerability by tricking a user into downloading a specially crafted application...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
CVE-2014-0476
chkrootkit before 0.50 contains a flaw in the slapper function that does not properly quote file paths, allowing a local user to execute arbitrary code via a Trojan horse executable in /tmp when /tmp is not mounted with noexec. This enables local privilege escalation to root. Public reports refer...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
PlaySMS <= 0.9.5.2 - Remote File Inclusion Vulnerability
No description provided by source. ============================================================================================================= o PlaySMS = Remote File Inclusion Vulnerability Software : PlaySMS ver 0.9.5.2 Vendor : http://playsms.org/ Author : NoGe Contact :...
ASPMass Shopping Cart - Vulnerability File Upload CSRF
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/moaub-30-aspmass-shopping-cart-vulnerability-file-upload-csrf/ ''' Abysssec Inc Public Advisory Title : ASPMass...
AtomixMP3 <= 2.3 - (.M3U) Buffer Overflow Exploit
No description provided by source. / ======================================================================== 0-day AtomixMP3 = v2.3 Malformed M3U Buffer Overflow PoC ======================================================================== AtomixMP3 Player/Mixer fails to properly handle large fil...
CVE-2014-0476
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...
Concrete CMS: FULL PATH DISCLOSUR
Full Path Disclosure FPD vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page source, require the attacker to have the full path to the file they wis...
Windows Gather Enum User MUICache
This module gathers information about the files and file paths that logged on users have executed on the system. It also will check if the file still exists on the system. This information is gathered by using information stored under the MUICache registry key. If the user is logged in when the...
Google Chrome Multiple Vulnerabilities-01 (Aug 2013) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Opera - security update to 12.11 (important)
Opera 12.11 is a recommended upgrade offering security and stability enhancements: -fixed an issue where HTTP response heap buffer overflow could allow execution of arbitrary code; -fixed an issue where error pages could be used to guess local file paths; see our advisory -fixed several issues...
CentOS Update for gnome-vfs2 CESA-2013:0131 centos5
Check for the Version of gnome-vfs2 OpenVAS Vulnerability Test CentOS Update for gnome-vfs2 CESA-2013:0131 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
RedHat Update for gnome-vfs2 RHSA-2013:0131-01
Check for the Version of gnome-vfs2 OpenVAS Vulnerability Test RedHat Update for gnome-vfs2 RHSA-2013:0131-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
MyBB 1.6.9 full path disclosure
Exploit for windows platform in category web applications MyBB has released its update on 15th December. MyBB 1.6.9 is still affected with full path disclosure vulnerablity author : cyb3rboy website: freemium-devils.in code104.net greetz cyberace, ketan , shubham , S3v3n , th3 d3stroyer , amol th...
CVE-2012-5138
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors...