137 matches found
CVE-2014-8115
CVE-2014-8115 affects KIE Workbench 6.0.x (KIE Workbench) with insufficient authorization constraints that allow remote authenticated users to read or write arbitrary files via unknown vectors. The CVSS base score is 6.5 (Medium) with network attack vector and partial confidentiality/integrity/av...
Multiple vulnerabilities in DrayTek VigorACS SI
DrayTek VigorACS SI = 1.3.0 Vigor ACS-SI Edition is a Central Management System for DrayTek routers and firewalls, providing System Integrators or system administration personnel a real-time integrated monitoring, configuration and management platform...
WordPress Advanced Access Manager Plugin <= 2.8.2 - Admin User File Read/Write
Because of this vulnerability, attackers can write arbitrary content to arbitrary files. Solution Update the plugin...
Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
Binary data 8400.prm...
PHP: Multiple vulnerabilities
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact A...
Oracle Reports Server 6.0.8/9.0.x Unauthorized Report Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14316/info Oracle Reports Server is susceptible to an unauthorized report execution vulnerability. By placing a report file in a globally accessible location, users can trigger the execution of the report by issuing an HT...
GLSA-201404-01 : CUPS: Arbitrary file read/write
The remote host is affected by the vulnerability described in GLSA-201404-01 CUPS: Arbitrary file read/write Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some dangerous directives like the logfilenames, which enable them to read ...
CUPS: Arbitrary file read/write
Background CUPS, the Common Unix Printing System, is a full-featured print server. Description Members of the lpadmin group have admin access to the web interface, where they can edit the config file and set some “dangerous” directives like the logfilenames, which enable them to read or write fil...
Cisco Unified Communications Manager Arbitrary File Read/Write Vulnerability
A vulnerability in a command-line utility of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, local attacker to read or write data to arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this...
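PEAR Mail Package Recipient Parameter Injection Vulnerability
BUGTRAQ ID: 37395 CVE ID: CVE-2009-4111 PEAR is short for "PHP Extension and Application Repository" and provides a structured library of open-source code for PHP users. Mail/sendmail.php in PEAR's Mail package does not properly filter the $recipients parameter, so a remote attacker can read and write arbitrary files by submitting a malicious request. PEAR Mail 1.1.4 Vendor patch: Debian ------ Debian has released a security advisory (DSA-1938-1) and a corresponding patch for this: DSA-1938-1:New php-mail packages fix insufficient input sanitising...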
Code injection
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-epsPID, (2) xfig-picPID.pix, (3) xfig-picPID.err, (4) xfig-pcxPID.pix, (5) xfig-xfigrcPID, (6) xfigPID, (7) xfig-printPID, (8) xfig-exportPID.err, (9) xfig-batchPID, (10) xfig-expPID, or (11) xfig-spell.PID...
CVE-2002-2353
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests...
CVE-2007-0657
Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command...
Directory traversal
Directory traversal vulnerability in PG Problem Editor module PGProblemEditor.pm in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory...
Oracle Reports Server 6.0.8/9.0.x - Unauthorized Report Execution
Oracle Reports Server 6.0.8/9.0.x - Unauthorized Report Execution source: https://www.securityfocus.com/bid/14316/info Oracle Reports Server is susceptible to an unauthorized report execution vulnerability. By placing a report file in a globally accessible location, users can trigger the execution...
[Full-disclosure] Maxthon browser multiple vulnerabilities advisory
Maxthon browser multiple vulnerabilities advisory URL: http://www.raffon.net/advisories/maxthon/multvulns.html Date: April 08, 2005 Author: Aviv Raff Introduction "Maxthon Internet Browser software is a powerful tabbed browser with a highly customizable interface. It is based on the Internet...
QNX crttrap unauthorized file access
-c option can be used to read/write any file...