1312 matches found
PT-2016-3276 · Apache +3 · Apache Commons Fileupload +4
Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload versions prior to 1.3.3 Description: The issue is related to the deserialization mechanism in the DiskFileItem class of the Apache Commons FileUpload library. It allows a remote attacker to execute arbitrary code or...
CVE-2016-6371
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment HCM-F 10.63 and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717...
Directory traversal
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ dot dot slash in a filename in an archive file, related to KNewsstuff downloads...
The vulnerability of Cisco Nexus 1000V software allows a malicious individual to gain access to confidential information.
The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...
CVE-2016-0889
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
Techno Project Japan Enisys Gw Arbitrary Code Execution Vulnerability
Techno Project Japan Enisys Gw is an open source groupware software from Techno Project Japan. A security vulnerability exists in Techno Project Japan Enisys Gw. The vulnerability allows remote attackers to write to arbitrary files and execute arbitrary code...
Apple iOS Double Release Vulnerability
Apple iOS is an operating system for handheld devices developed by Apple Inc. A double release vulnerability exists in Apple iOS versions prior to 9.1, and OS X versions prior to 10.11.1. The vulnerability allows an attacker to perform arbitrary file write operations via a crafted application tha...
Apple OS X Symbolic Link Attack Vulnerability
Apple OS X is the operating system used by the Apple family of machines. A symbolic link attack vulnerability exists in Apple OS X versions prior to 10.11.1. The vulnerability allows an attacker to perform an unspecified symbolic link attack via a crafted application to perform arbitrary write to...
docker: symlink traversal on container respawn allows local privilege escalation
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization "mount namespace breakout" and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...
IBM Security SiteProtector System Directory Traversal Vulnerability
The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A directory traversal vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to write to...
USN-2549-1 libarchive vulnerabilities
It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to...
AVG Internet Security Elevation of Privilege Vulnerability
AVG Internet Security is an Internet security suite that includes antivirus, antispyware, antispam, link scanning and firewall. AVG Internet Security suffers from an elevation of privilege vulnerability, which can be exploited by a local attacker to write arbitrary files to enforce kernel-level...
DEBIAN-CVE-2014-6407
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a 1 symlink or 2 hard link attack in an image archive in a a pull or b load operation...
CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
Vulnerability title: Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX CVE: CVE-2014-3074 Vendor: IBM Product: AIX Affected version: AIX 6.1 and 7.1 and VIOS 2.2. Reported by: Tim Brown Details: It has been identified that the runtime linker allows privilege escalati...
AIX 7.1 TL 2 : malloc (IV62807)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 7.1 TL 2 : malloc (IV61314)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 6.1 TL 8 : malloc (IV61311)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 7.1 TL 1 : malloc (IV61315)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 6.1 TL 9 : malloc (IV60935)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 6.1 TL 7 : malloc (IV61313)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...