7131 matches found
CVE-2011-5290
The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument...
CVE-2011-5291
The CVE-2011-5291 entry concerns Ashampoo 3D CAD Professional (3.x) before 3.0.2, where the SaveData method of the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx allows a remote attacker to write arbitrary files by supplying a pathname as the first argument. The vulnerability is rooted in...
CVE-2011-5289
The CVE-2011-5289 entry concerns the SaveDecrypted method of the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll used by aTube Catcher 2.3.570. The vulnerability allows remote attackers to write to arbitrary files by supplying a pathname in the argument to SaveDecrypted. Docume...
CVE-2011-5291
The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in the first argument...
CVE-2011-5293
The CVE-2011-5293 entry concerns ThreeDify Designer 5.0.2. The cmdSave method of the ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll allows remote attackers to write to arbitrary files via a pathname argument. Affected product: ThreeDify Designer 5.0.2 (ActiveX control). Vulnerability type...
ActiveBar ActiveX Method Arbitrary File Write - Ver2 (CVE-2007-3883)
An Overwrite Files vulnerability has been reported in the Data Dynamics ActiveBar ActiveX control. Successful exploitation of this vulnerability could allow a remote attacker to create or overwrite files via a full pathname in the second argument to the Save method, or the first argument to the...
PT-2014-4562 · Telerik · Telerik UI for ASP.NET AJAX
Name of the Vulnerable Software and Affected Versions: Telerik UI for ASP.NET AJAX versions prior to Q3 2012 SP2 Description: The issue allows remote attackers to write to arbitrary files and consequently execute arbitrary code via a full pathname in the UploadID metadata value in the...
CVE-2014-5208
CVE-2014-5208 affects Yokogawa BKBCopyD.exe in Batch Management Packages on CENTUM CS 3000 (R3.09.50 and earlier), CENTUM VP (R4.03.00 and R5.x up to R5.04.00), and Exaopc (R3.72.10). The vulnerability allows unauthenticated remote access to read arbitrary files via RETR, write arbitrary files vi...
CVE-2014-6407
CVE-2014-6407 affects Docker up to 1.3.2, where attackers could write arbitrary files and execute code via a symlink or hard link attack in an image archive during pull or load. Evidence from connected docs shows it was fixed in the openSUSE/SUSE docker 1.3.2 update (docker-docker-stable forks) addressi...
Symantec Endpoint Protection Manager Multiple Vulnerabilities (Dec 2014)
Symantec Endpoint Protection Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
wget: FTP symlink arbitrary filesystem access
A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode using the '-m' command line option to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution...
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20141106-0; title: XXE & XSS & Arbitrary File Write vulnerabilities; product: Symantec Endpoint Protection; vulnerable version: 12.1.4023.4080...
SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection
SEC Consult Vulnerability Lab Security Advisory 20141106-0; title: XXE & XSS & Arbitrary File Write vulnerabilities; product: Symantec Endpoint Protection; vulnerable version: 12.1.4023.4080; fixed version: 12.1.5 RU 5; impact:...
Symantec Endpoint Protection Manager < 12.1 RU5 Multiple Vulnerabilities (SYM14-015)
The version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is 12.1 prior to 12.1 RU5. It is, therefore, affected by the following vulnerabilities: - An XML external entity (XXE) injection vulnerability due to improper validation of XML external entities. A remote attacke...
Code injection
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors...
CVE-2014-3439
Symantec Endpoint Protection Manager (SEPM) 12.1 prior to RU5 is affected by CVE-2014-3439: an Unauthenticated Arbitrary File Write in the ConsoleServlet, caused by improper filtering of user input in the logging component. This can allow remote attackers to write arbitrary files, potentially ena...
Symantec Endpoint Protection 12.1.4023.4080 XXE / XSS / Arbitrary File Write
SEC Consult Vulnerability Lab Security Advisory; title: XXE & XSS & Arbitrary File Write vulnerabilities; product: Symantec Endpoint Protection; vulnerable version: 12.1.4023.4080; fixed version: 12.1.5 RU 5; impact: Critical; CVE...
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory; title: XXE & XSS & Arbitrary File Write vulnerabilities; product: Symantec Endpoint Protection; vulnerable...
Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability
Talos Vulnerability Report VRT-2014-0205: Pidgin Theme/Smiley Untar Arbitrary File Write Vulnerability. November 6, 2014. CVE Number: CVE-2014-3697. Description: An exploitable remote code execution vulnerability exists in Pidgin’s implementation of the TAR archive parsing functionality. An attacker wh...
Symantec Endpoint Protection 12.1.4023.4080 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications; title: XXE & XSS & Arbitrary File Write vulnerabilities; product: Symantec Endpoint Protection; vulnerable version: 12.1.4023.4080; fixed version: 12.1.5 RU 5; impact: Critical; CVE number: CVE-2014-3437, CVE-2014-3438, CVE-2014-3439; homepage:...