
7133 matches found

UbuntuCve
added 2016/01/22 12:0 a.m. | 21 views

CVE-2016-0727

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to...

CVSS 7.8 | AI score 7.1 | EPSS 0.0096
Exploits 3 | References 3

OSV
added 2016/01/22 12:0 a.m. | 0 views

UBUNTU-CVE-2016-0727

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to...

CVSS 7.8 | AI score 7.2 | EPSS 0.0096
Exploits 3 | References 4

Prion
added 2016/01/15 3:59 a.m. | 19 views

Unrestricted file upload

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors...

CVSS 10 | AI score 7.2 | EPSS 0.72154
Exploits 5 | References 6 | Affected Software 1

NVD
added 2016/01/08 7:59 p.m. | 15 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVSS 3.3 | AI score 3.8 | EPSS 0.00048
Exploits 0 | References 7

OSV
added 2016/01/08 7:59 p.m. | 8 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVSS 3.3 | AI score 6.5
Exploits 0 | References 7

Prion
added 2016/01/08 7:59 p.m. | 21 views

Code injection

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVSS 2.1 | AI score 6.8 | EPSS 0.00048
Exploits 0 | References 7 | Affected Software 3

OSV
added 2016/01/08 7:59 p.m. | 0 views

UBUNTU-CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVSS 3.3 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 3

Cvelist
added 2016/01/08 7:0 p.m. | 25 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux...

AI score 3.7 | EPSS 0.00048
Exploits 0 | References 7

Debian CVE
added 2016/01/08 7:0 p.m. | 21 views

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVSS 3.3 | AI score 3.7 | EPSS 0.00048
Exploits 0

seebug.org
added 2015/12/09 12:0 a.m. | 67 views

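Red Hat Automatic Bug Reporting Tool arbitrary file write vulnerability

The problem is in abrt-action-install-debuginfo-to-abrt-cache. By default, it creates a temporary file at /var/tmp/abrt-tmp-debuginfo-RANDOMSUFFIX, then downloads the rpm files into this folder and unpacks them. Because this is a temporary folder, the unpack path is not this one but /var/cache/abrt-di. However, this folder is not created randomly and is highly predictable, so we can create it in advance and, by controlling the unpacked.cpio file, trick abrt-action-install-debuginfo into extracting a cpio file that we control...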

AI score 7.1
Exploits 0

CNVD
added 2015/12/08 12:0 a.m. | 1 views

Red Hat Automatic Bug Reporting Tool Arbitrary File Write Vulnerability

Red Hat Automatic Bug Reporting Tool (ABRT) is a set of automated bug detection and reporting tools from Red Hat. A security vulnerability exists in the abrt-action-install-debuginfo-to-abrt-cache helper program in Red Hat ABRT versions prior to 2.7.1. A local attacker can exploit the...

CVSS 3.6 | AI score 6.7 | EPSS 0.00334
Exploits 5 | References 1

CVE
added 2015/12/07 6:0 p.m. | 89 views

CVE-2015-5273

CVE-2015-5273 affects ABRT and libreport: the abrt-action-install-debuginfo-to-abrt-cache helper allows a local attacker to write arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. Public advisories (RHSA/CESA) and distributed sec...

CVSS 3.6 | AI score 6.1 | EPSS 0.00334
Exploits 5 | References 7 | Affected Software 1

Exploit DB
added 2015/12/03 12:0 a.m. | 32 views

Oracle BeeHive 2 - 'voice-servlet processEvaluation()' Write File (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Oracle BeeHive 2 voice-servlet processEvaluation Vulnerability", 'Description' = %q This module exploits a vulnerability found in...

CVSS 7.5 | AI score 7.4 | EPSS 0.72458
Exploits 4

Prion
added 2015/11/11 1:0 p.m. | 16 views

Design/Logic Flaw

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

CVSS 7.8 | AI score 7.2 | EPSS 0.01794
Exploits 0 | References 7 | Affected Software 4

RedHat Linux
added 2015/11/11 11:21 a.m. | 3 views

flash-plugin: multiple code execution issues fixed in APSB15-28

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

CVSS 7.8 | AI score 5.9 | EPSS 0.01794
Exploits 0 | References 5

RedHat Linux
added 2015/11/11 11:21 a.m. | 1 views

flash-plugin: multiple code execution issues fixed in APSB15-28

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

CVSS 7.8 | AI score 5.9 | EPSS 0.01794
Exploits 0 | References 5

Cvelist
added 2015/11/11 11:0 a.m. | 16 views

CVE-2015-7662

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

AI score 6.5 | EPSS 0.01794
Exploits 0 | References 7

Zero Day Initiative
added 2015/11/10 12:0 a.m. | 22 views

Oracle Beehive prepareAudioToPlay Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. The specific flaw exists within the voice-servlet's playAudioFile.jsp. The method prepareAudioToPlay contains vulnerabl...

CVSS 10 | AI score 7.6
Exploits 0 | References 1

CNVD
added 2015/10/30 12:0 a.m. | 1 views

Janitza UMG Arbitrary File Read/Write Vulnerability

The Janitza UMG is an online power quality monitor for the energy industry from Janitza Germany. An arbitrary file read/write vulnerability exists in Janitza UMG 508, 509, 511, 604, 605. This allows remote attackers to read or write files, or execute arbitrary JASIC code via a session with TCP por...

CVSS 7.5 | AI score 7.6 | EPSS 0.00361
Exploits 0 | References 1

Cvelist
added 2015/10/29 10:0 a.m. | 21 views

CVE-2015-5669

Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors...

AI score 7.3 | EPSS 0.01272
Exploits 0 | References 3