Rapid7 Metasploit Directory Traversal Vulnerability (CNVD-2017-02665)
Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter stdapi Dir.download function in versions of Rapid7 Metasploit prior to 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the Metasploit...
CVE-2017-5228
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the...
CVE-2017-5229
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parsedump function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console...
[SECURITY] [DSA 3794-2] munin regression update
Debian Security Advisory DSA-3794-2 https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2017 https://www.debian.org/security/faq ...
rubyzip gem Zip::File component directory traversal vulnerability
The rubyzip gem is a Ruby library for reading and writing zip files. A directory traversal vulnerability exists in the Zip::File component of the rubyzip gem. An attacker can exploit the vulnerability by uploading a malicious file to write an arbitrary file to the file system...
CVE-2017-5946
CVE-2017-5946 – Rubyzip directory traversal vulnerability: The Zip::File component of the rubyzip gem for Ruby (pre-1.2.1) allows a ZIP archive to write files outside the target directory when a ZIP upload contains paths with "..". This enables arbitrary file writes on the filesystem if a site p...
kdepimlibs -- directory traversal on KTNEF
Albert Astals Cid reports: A directory traversal issue was found in KTNEF which can be exploited by tricking a user into opening a malicious winmail.dat file. The issue allows writing files with the permissions of the user opening the winmail.dat file during extraction...
Debian DSA-3794-1 : munin - security update
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing an attacker to inject options into munin-cgi-graph and overwrite any file accessible by the user running the cgi-process...
[SECURITY] [DSA 3794-1] munin security update
Debian Security Advisory DSA-3794-1 https://www.debian.org/security/ Salvatore Bonaccorso February 25, 2017 https://www.debian.org/security/faq ...
Debian: Security Advisory (DSA-3794-1)
The remote host is missing an update for the Debian...
Munin Local File Write Vulnerability
Munin is a set of network resource monitoring tools. The tool monitors core system resources including memory, disk, CPU usage, server applications and more. A local file write vulnerability exists in Munin versions prior to 2.999.6. An attacker can exploit the vulnerability by setting multiple...
Design/Logic Flaw
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user...
CVE-2017-6188
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user...
DEBIAN-CVE-2017-6188
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user...
CVE-2017-6188
CVE-2017-6188 affects Munin prior to a fixed version: when CGI graphs are enabled, multiple upper_limit GET parameters can be abused to overwrite local files. The vulnerability enables overwriting any file accessible to the webserver user (www-data). Public disclosures and advisories in connected doc...