7132 matches found

OSV
added 2015/05/18 3:59 p.m., 1 view

DEBIAN-CVE-2015-3629

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to an arbitrary file on the host system via a symlink attack in an image when respawning a container...

CVSS 7.8, AI score 6.7, EPSS 0.00178
Exploits 0, References 1

OSV
added 2015/05/18 3:59 p.m., 6 views

DEBIAN-CVE-2015-3306

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands...

CVSS 10, AI score 7.6, EPSS 0.93835
Exploits 21, References 1

CVE
added 2015/05/18 3:00 p.m., 2978 views

CVE-2015-3306

CVE-2015-3306 affects ProFTPD before patches for 1.3.5, via the mod_copy module. Unauthenticated attackers can use SITE CPFR/CPTO to copy files anywhere on the server and can read/write arbitrary files, enabling remote code execution and information disclosure. Public exploits and proofs (e.g., e...

CVSS 10, AI score 9.2, EPSS 0.93835
Exploits 21, References 14, Affected Software 1

CNVD
added 2015/05/03 12:00 a.m., 1 view

EasyCTF Arbitrary File Content Write Vulnerability

EasyCTF is a CGI program for scoring CTFs. EasyCTF has an unspecified security vulnerability that could be exploited by remote attackers to write arbitrary executable content to a file...

CVSS 6.5, AI score 7.1, EPSS 0.00442
Exploits 0, References 1

Prion
added 2015/05/01 10:59 a.m., 7 views

Code injection

EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors...

CVSS 6.5, AI score 6.7, EPSS 0.00442
Exploits 0, References 3, Affected Software 1

CVE
added 2015/05/01 10:00 a.m., 36 views

CVE-2015-0912

EasyCTF is a server-side CGI scoring tool. A vulnerability (CWE-22) allows a remote attacker to create arbitrary files on the server, which may lead to arbitrary code execution. Affected products: EasyCTF 1.3 and earlier. Root cause involves improper handling of file writes (arbitrary file creati...

CVSS 6.5, AI score 6.4, EPSS 0.00442
Exploits 0, References 3, Affected Software 1

CVE
added 2015/04/08 6:00 p.m., 63 views

CVE-2015-0557

ARJ archiver 3.10.22 is affected by CVE-2015-0557: ARJ does not fully strip leading slashes from file paths in archives, enabling absolute path traversal and potential writing to arbitrary files when processing specially crafted ARJ archives. Impact observed across multiple distributions (e.g., D...

CVSS 5.8, AI score 6.6, EPSS 0.02096
Exploits 1, References 10, Affected Software 1

CNVD
added 2015/03/18 12:00 a.m., 3 views

Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability

The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. It has a security vulnerability in its inter-process communication (IPC) that allows a local attacker to write and overwrite arbitrary files with elevated privileges...

CVSS 6.6, AI score 6.9, EPSS 0.00084
Exploits 0, References 1

Cvelist
added 2015/03/17 1:00 a.m., 28 views

CVE-2015-0665

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0.00051 and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173...

AI score 6.2, EPSS 0.00075
Exploits 0, References 2

Cvelist
added 2015/03/15 7:00 p.m., 23 views

CVE-2015-2304

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive...

AI score 6.4, EPSS 0.02978
Exploits 1, References 13

Cisco
added 2015/03/14 4:56 a.m., 26 views

Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability

A vulnerability in the inter-process communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to write arbitrary files with elevated privileges. The vulnerability is due to lack of authentication or authorization of certain IPC commands. An...

CVSS 4.6, AI score 6.5, EPSS 0.00084
Exploits 0, References 1

CNVD
added 2015/03/02 12:00 a.m., 2 views

KENT-WEB Joyful Note Arbitrary Code Execution Vulnerability

KENT-WEB Joyful Note is a suite of message board applications from the Japanese company KENT-WEB. A security vulnerability exists in KENT-WEB Joyful Note versions prior to 5.3. A remote attacker can exploit the vulnerability to delete or write arbitrary files and execute arbitrary code...

CVSS 7.5, AI score 7.4, EPSS 0.02096
Exploits 0, References 1

CNVD
added 2015/02/26 12:00 a.m., 1 view

Lexmark Markvision Enterprise LibraryFileUploadServlet servlet directory traversal vulnerability

Lexmark Markvision Enterprise is a set of Web-based network device management software from the U.S. company Lexmark. The software is mainly used to manage network devices such as printers, for example by providing some printer drivers for Unix systems. A directory traversal vulnerability exists in...

CVSS 9, AI score 7.5, EPSS 0.01475
Exploits 0, References 1

CVE
added 2015/02/24 8:00 p.m., 34 views

CVE-2014-9282

The CVE-2014-9282 entries describe a directory traversal flaw in the Android apps Speed Root Explorer (prior to 3.2) and Speed Explorer (prior to 2.2). The issue arises from how filenames are processed, allowing a remote attacker to overwrite or create arbitrary files in accessible directories vi...

CVSS 5, AI score 6.9, EPSS 0.0017
Exploits 0, References 2, Affected Software 2

Cvelist
added 2015/02/24 8:00 p.m., 27 views

CVE-2014-9282

Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename...

AI score 6.7, EPSS 0.0017
Exploits 0, References 2

OSV
added 2015/02/23 5:59 p.m., 1 view

DEBIAN-CVE-2015-1589

Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file...

CVSS 5, AI score 6.9, EPSS 0.00252
Exploits 1, References 1

CNVD
added 2015/02/21 12:00 a.m., 1 view

Rsync Arbitrary File Write Vulnerability

rsync is a data mirroring backup application for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras that synchronizes file and directory updates between two computers and uses differential encoding to reduce data transfers. An arbitrary file write...

CVSS 6.4, AI score 7.1, EPSS 0.08882
Exploits 1, References 1

OSV
added 2015/02/19 3:59 p.m., 1 view

DEBIAN-CVE-2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...

CVSS 1.9, AI score 6, EPSS 0.03944
Exploits 4, References 1

UbuntuCve
added 2015/02/19 3:59 p.m., 16 views

CVE-2014-1831

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file...

CVSS 2.1, AI score 7.2, EPSS 0.00067
Exploits 0, References 2

CVE
added 2015/02/19 3:00 p.m., 54 views

CVE-2014-1832

CVE-2014-1832 affects Phusion Passenger 4.0.37 and is caused by insecure handling of temporary files, enabling a local attacker to perform a symbolic link attack on (1) control_process.pid or (2) generation-* files. This allows writing to certain files/directories with local access. The issue ari...

CVSS 2.1, AI score 6.2, EPSS 0.00067
Exploits 0, References 6, Affected Software 1