Brocade Network Advisor Directory Traversal Vulnerability (CNVD-2017-00702)
Brocade Network Advisor is a set of management tools for the entire network lifecycle from Brocade Communications Systems. A directory traversal vulnerability exists in the servlet SoftwareImageUpload in Brocade Network Advisor 14.0.2 and earlier versions. A remote attacker can exploit this...
CVE-2016-8206
A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files...
BSA-2017-179
Security Advisory ID: BSA-2017-179 Component: BNA Revision: 1.0: Final A Directory Traversal Vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently dele...
PHPMailer Sendmail Argument Injection
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This module writes a payload to th...
SwiftMailer Remote Code Execution
See the full advisory URL for the exploit details. // Attacker's input coming from untrusted source such as $_GET, $_POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'; // ------------------...
SwiftMailer 5.4.5-DEV - Remote Code Execution
See the full advisory URL for the exploit details. // Attacker's input coming from untrusted source such as $_GET, $_POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/...
McAfee VirusScan Enterprise for Linux authentication token brute force
Added: 12/23/2016 CVE: CVE-2016-8023 BID: 94823 Background McAfee VirusScan Enterprise for Linux is real-time, anti-malware software for Linux. Problem McAfee VirusScan Enterprise for Linux allows remote attackers to execute arbitrary commands by exploiting multiple vulnerabilities, including the...
Directory Traversal
Overview hostr is a simple web server for the current working directory. Used for hello world style web sites hosting only files in current directory structure. Watches files and integrates with LiveReload. Affected versions of the package do not filter http GET requests in javascript code,...
CVE-2016-9565
CVE-2016-9565 affects Nagios Core before 4.2.2 via MagpieRSS in the front-end component, allowing remote attackers to read or write arbitrary files by spoofing a crafted response from the Nagios RSS feed server; this follows an incomplete fix for CVE-2008-4796. Connected advisories indicate multi...
McAfee Virus Scan Enterprise For Linux Remote Code Execution
Source: https://nation.state.actor/mcafee.html Vulnerabilities CVE-2016-8016: Remote Unauthenticated File Existence Test CVE-2016-8017: Remote Unauthenticated File Read with Constraints CVE-2016-8018: No Cross-Site Request Forgery Tokens CVE-2016-8019: Cross Site Scripting CVE-2016-8020:...
McAfee Virus Scan Enterprise for Linux - Remote Code Execution Exploit
Exploit for linux platform in category remote exploits. Source: https://nation.state.actor/mcafee.html Vulnerabilities CVE-2016-8016: Remote Unauthenticated File Existence Test CVE-2016-8017: Remote Unauthenticated File Read with Constraints CVE-2016-8018: No Cross-Site Request Forgery Tokens...
McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution
Source: https://nation.state.actor/mcafee.html Vulnerabilities CVE-2016-8016: Remote Unauthenticated File Existence Test CVE-2016-8017: Remote Unauthenticated File Read with Constraints CVE-2016-8018: No Cross-Site Request Forgery Tokens CVE-2016-8019: Cross Site Scripting CVE-2016-8020:...
CVE-2016-6321
CVE-2016-6321 is a directory traversal vulnerability in GNU tar (safer_name_suffix) affecting tar 1.14–1.29. An attacker could bypass path sanitization and overwrite arbitrary files when extracting archives, via crafted file names (aka POINTYFEATHER). The issue is triggered by how tar removes off...
Privilege Escalation
foolscap is vulnerable to privilege escalation. Malicious users who are able to write files to a location where the flappserver process could read them can get control of the flappserver process via the lookup function...
Arbitrary File Write Vulnerability in FineCMS Backend
FineCMS is a content management system for small and medium-sized sites, based on the PHP+MySql+CI framework. An arbitrary file write vulnerability exists in the config/site.ini.php page of the FineCMS backend. It allows attackers to upload a webshell and gain server privileges...
CVE-2016-6450
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE...
Mozilla Firefox Arbitrary File Write Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox suffers from an arbitrary file write vulnerability. When the Mozilla Updater program runs, log files in the Updater working directory point to hard links, allowing an attacker t...
Mozilla Firefox Security Advisories (MFSA2016-89, MFSA2016-90) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Linux operating system vulnerability that allows an attacker to overwrite arbitrary files
A vulnerability in the EXT4_IOC_MOVE_EXT ioctl implementation in the Linux file system is related to deficiencies in access control. Exploiting this vulnerability allows a local attacker to overwrite arbitrary files using a specially crafted request that relies on insufficient access rights checkin...