
7132 matches found

exploitpack
added 2015/08/07 12:0 a.m. · 11 views

Python IDLE 2.7.8 - Crash (PoC)

Python IDLE 2.7.8 - Crash PoC !/usr/bin/env python Title : Python IDLE 2.7.8 - Crash Proof Of Concept Website : http://www.python.org/idle/ Tested : Windows 7 / Windows 8.1 Author : Hadi Zomorodi Monavar Email : [email protected] 1 . run python code : python poc.py 2 . open r3z4.txt and copy...

7.4 AI score
Exploits 0
Tenable Nessus
added 2015/08/07 12:0 a.m. · 21 views

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4013.0 / 4.1.x < 4.1.4011.0 IPC File Write Vulnerability

The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4013.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to write files. A local...

6.6 CVSS · 5.7 AI score · 0.00084 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2015/08/07 12:0 a.m. · 20 views

Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4013.0 / 4.1.x < 4.1.4011.0 IPC File Write Vulnerability

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4013.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to write files. A local,...

6.6 CVSS · 5.7 AI score · 0.00084 EPSS
Exploits 0 · References 2
Exploit DB
added 2015/08/07 12:0 a.m. · 30 views

Python IDLE 2.7.8 - Crash (PoC)

!/usr/bin/env python Title : Python IDLE 2.7.8 - Crash Proof Of Concept Website : http://www.python.org/idle/ Tested : Windows 7 / Windows 8.1 Author : Hadi Zomorodi Monavar Email : [email protected] 1 . run python code : python poc.py 2 . open r3z4.txt and copy content to clipboard 3 . open...

7.4 AI score
Exploits 0
CNVD
added 2015/08/04 12:0 a.m. · 2 views

Symantec Endpoint Protection Manager Arbitrary File Write Vulnerability

Symantec Endpoint Protection Manager (SEPM) is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the management console of previous...

5.5 CVSS · 7.2 AI score · 0.51202 EPSS
Exploits 4 · References 1
CVE
added 2015/08/01 1:0 a.m. · 59 views

CVE-2015-1487

The SEPM (Symantec Endpoint Protection Manager) product is affected by CVE-2015-1487: a flaw in the management console prior to 12.1-RU6-MP1 allows remote authenticated users to write arbitrary files via a crafted filename, potentially elevating to administrator privileges. Technical context from...

5.5 CVSS · 6.2 AI score · 0.51202 EPSS
Exploits 4 · References 4 · Affected Software 1
Symantec
added 2015/07/30 8:0 a.m. · 39 views

Symantec Endpoint Protection Multiple Issues

SUMMARY: The management console for Symantec Endpoint Protection Manager (SEPM) is susceptible to multiple vulnerabilities including SQL Injection, authentication bypass, possible path traversal and the potential for arbitrary file read/write. SEP clients are susceptible to a binary planting...

8.5 CVSS · 0.7 AI score · 0.78501 EPSS
Exploits 9 · Affected Software 1
RedHat Linux
added 2015/07/20 1:53 p.m. · 2 views

elfutils: directory traversal in read_long_names()

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program...

6.4 CVSS · 6 AI score · 0.03517 EPSS
Exploits 0 · References 4
WPVulnDB
added 2015/07/08 12:0 a.m. · 16 views

Child Theme Creator by Orbisius <= 1.2.6 - Arbitrary File Write

The Child Theme Creator by Orbisius WordPress plugin was affected by an Arbitrary File Write security vulnerability...

4 CVSS · 2.5 AI score · 0.00271 EPSS
Exploits 1 · References 2 · Affected Software 1
Patchstack
added 2015/07/08 12:0 a.m. · 8 views

WordPress Child Theme Creator Plugin <= 1.2.6 - Arbitrary File Write

Because of this vulnerability, remote authenticated users can write arbitrary content to existing files in theme directory. Solution Update this plugin...

4.4 AI score
Exploits 0 · Affected Software 1
OSV
added 2015/07/02 9:59 p.m. · 4 views

CVE-2015-3202

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature...

6 AI score
Exploits 0 · References 22
CNVD
added 2015/07/02 12:0 a.m. · 1 views

Android Droidware UK Explorer+ File Manager Application Directory Traversal Vulnerability

Droidware UK Explorer+ File Manager application for Android is a file manager based on the Android platform. A directory traversal vulnerability exists in the Android Droidware UK Explorer+ File Manager application prior to version 2.3.3. A remote attacker can exploit this vulnerability to write...

6.4 CVSS · 7.1 AI score · 0.00363 EPSS
Exploits 0 · References 1
CVE
added 2015/06/30 3:0 p.m. · 51 views

CVE-2015-1942

The CVE-2015-1942 entry concerns IBM Tivoli Storage Manager FastBack Server. Multiple sources (IBM Security Bulletin, NVD/NIST, and Nessus/OpenVAS listings) confirm that FastBack Server versions up to 6.1.11.1 are affected when handling crafted TCP traffic. The root issue is a remote code executi...

9.3 CVSS · 6.8 AI score · 0.02465 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2015/06/18 12:0 a.m. · 3 views

The vulnerability of the NetCharts Server data visualization platform allows a hacker to write arbitrary files.

The vulnerability in the saveFile.jsp file of the NetCharts Server deployment tool exists due to an incorrect restriction on the path name for the restricted access directory. Exploiting this vulnerability allows a malicious actor to write any files they desire...

10 CVSS · 5.5 AI score · 0.3424 EPSS
Exploits 1 · References 3
CNVD
added 2015/06/17 12:0 a.m. · 1 views

CGI RESCUE BloBee Arbitrary Code Execution Vulnerability

CGI RESCUE BloBee is a bulletin release software. A security vulnerability exists in CGI RESCUE BloBee that can be exploited by remote attackers to write to arbitrary files and execute arbitrary code...

7.5 CVSS · 7.5 AI score · 0.01696 EPSS
Exploits 0 · References 1
CNVD
added 2015/06/10 12:0 a.m. · 3 views

Zarafa Collaboration Platform Local Arbitrary File Write Vulnerability

Zarafa Collaboration Platform is a suite of open source email and calendaring software. A security vulnerability in the provider/server/ECServer.cpp file of Zarafa Collaboration Platform allows a local attacker to write arbitrary files by performing a symbolic link attack on the...

6.6 CVSS · 6.7 AI score · 0.0004 EPSS
Exploits 0 · References 1
Positive Technologies
added 2015/06/09 12:0 a.m. · 2 views

PT-2020-7830 · Abrt +2

Name of the Vulnerable Software and Affected Versions: ABRT affected versions not specified Description: The issue allows local users to potentially write to arbitrary files or have other unspecified impact via a symlink attack on certain directories. Recommendations: At the moment, there is no...

7.8 CVSS · 6 AI score · 0.05339 EPSS
Exploits 4 · References 32
CNVD
added 2015/06/05 12:0 a.m. · 1 views

Visual Mining NetChart Directory Traversal Vulnerability

Visual Mining NetChart is a suite of data visualization tools from Visual Mining USA. The tool supports the generation of data in the form of charts, graphs, and reports. A directory traversal vulnerability exists in the saveFile.jsp file in the development installer of Visual Mining NetChart. A...

10 CVSS · 7.1 AI score · 0.3424 EPSS
Exploits 1 · References 1
CNVD
added 2015/06/03 12:0 a.m. · 20 views

GNU Parallel Arbitrary File Write Vulnerability

GNU Parallel is a set of shell tools developed by the GNU Project that can be used to parallelize the execution of jobs on a single or multiple machines. A security vulnerability exists in versions prior to GNU Parallel 20150522. When a program uses the --cat and --sshlogin commands or the --fifo...

3.6 CVSS · 7 AI score · 0.00052 EPSS
Exploits 0 · References 1
OSV
added 2015/05/21 5:0 p.m. · 3 views

UBUNTU-CVE-2015-1324

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root...

7.8 CVSS · 7.2 AI score · 0.00109 EPSS
Exploits 0 · References 3