575 matches found
CloudMe Buffer Overflow Vulnerability
CloudMe is a file storage service that includes cloud storage, file synchronization, and client browsing software. A buffer overflow vulnerability exists in CloudMe. A remote attacker could exploit this vulnerability to execute arbitrary code...
CVE-2016-6598
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service FileStorageService on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web...
CVE-2016-6598
BMC Track-It! 11.4 before Hotfix 3 is affected by CVE-2016-6598. An unauthenticated .NET Remoting FileStorageService on port 9010 allows uploading a file to an arbitrary path on the Track-It! server, which can lead to code execution as NETWORK SERVICE or SYSTEM. Root cause: unauthenticated remote...
[SECURITY] Fedora 26 Update: heketi-5.0.1-1.fc26
Heketi provides a RESTful management interface which can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like OpenStack Manila, Kubernetes, and OpenShift can dynamically provision GlusterFS volumes with any of the supported durability types. Heketi will...
CVE-2018-2360
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage...
Dell EMC VNX2 Operating Environment for File and VNX1 Operating Environment for File VNX Control Station Cross-Site Scripting Vulnerability
The Dell EMC VNX2 Operating Environment for File and the VNX1 Operating Environment for File are both file storage appliances from Dell, U.S.A. The VNX Control Station is one of these consoles. A cross-site scripting vulnerability exists in the web server error page of the VNX Control Station in...
CVE-2017-15309
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory...
Path traversal
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory...
CVE-2017-17831
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository...
TYPO3 Information Disclosure Vulnerability (CNVD-2017-31808)
TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. TYPO3 suffers from an information disclosure vulnerability. Because the program fails to properly check user permissions on file storage, an editor could obtain information about...
[SECURITY] Fedora 25 Update: sqlite-3.14.2-2.fc25
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
EMC VNX2 OE for File and VNX1 OE for File Local Elevation of Privilege Vulnerability
The EMC VNX2 OE for File and VNX1 OE for File are file storage devices from EMC Corporation USA. A security vulnerability exists in EMC VNX2 OE for File and VNX1 OE for File, which can be exploited by a local attacker to submit a special request to execute arbitrary commands with root privileges...
EMC VNX2 OE for File and VNX1 OE for File Elevation of Privilege Vulnerabilities
The EMC VNX2 OE for File and VNX1 OE for File are file storage devices from EMC Corporation USA. A security vulnerability exists in EMC VNX2 OE for File and VNX1 OE for File, which can be exploited by a remote attacker to submit a special request to execute arbitrary code with root privileges on ...
PT-2017-18515 · Facebook · Whatsapp Messenger
Name of the Vulnerable Software and Affected Versions: Facebook WhatsApp Messenger versions prior to 2.16.323 for Android. Description: The application stores files associated with a chat, such as Audio, Documents, Images, Video, and Voice Notes, in cleartext on the SD card, even after the chat is...
Petya Ransomware Installs Mischa As Failsafe
The Petya ransomware strain signaled a new escalation for crypto-malware when it surfaced in March. For the first time, ransomware went beyond encrypting files on local and shared drives and instead set its sights on locking up the Master File Table on compromised machines. Petya did have its...
Fieldable Panels Panes - Moderately Critical - Access Bypass - SA-CONTRIB-2016-014
This module enables you to create fieldable entities that have special integration with Panels. The module doesn't check access permissions on a file when it is attached to a field on a Fieldable Panels Panes entity that has been made private and where the file field is set to store files using t...
Cowrie - SSH Honeypot
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Cowrie is directly based on Kippo by Upi Tamminen (desaster). Some interesting features: Fake filesystem with the ability to...