Lucene search

705 matches found

seebug.org
added 2006/12/11 12:0 a.m., 20 views

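Net-SNMP SNMPD.Conf Tokens Security Restriction Bypass Vulnerability

Net-SNMP is an open-source implementation of the SNMP protocol. Net-SNMP has a security restriction bypass issue that remote attackers can exploit to write files to unauthorized locations and execute them. To exploit this vulnerability, an attacker must have obtained read-only user privileges or the SNMP public community string. No detailed vulnerability information is currently available. Net-SNMP 5.3; net-snmp-5.3.1.tar.gz: http://downloads.sourceforge.net/net-snmp/net-snmp-5.3.1.tar.gz...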

7.1 AI score
Exploits: 0
Cvelist
added 2006/06/12 8:0 p.m., 21 views

CVE-2006-2958

Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

6.5 AI score, 0.01386 EPSS
Exploits: 0, References: 4
CVE
added 2006/04/29 10:0 a.m., 43 views

CVE-2006-2100

The CVE-2006-2100 entry describes a directory traversal vulnerability in Magic ISO 5.0 Build 0166. Affected component: Magic ISO’s ISO image handling. Root cause: remote attackers can exploit a .. (dot dot) in a filename within an ISO image to write arbitrary files on the system. Impact per provi...

7.8 CVSS, 6.8 AI score, 0.03722 EPSS
Exploits: 1, References: 8, Affected Software: 1
CVE
added 2006/04/29 10:0 a.m., 47 views

CVE-2006-2101

The provided CVE-2006-2101 entry describes a directory traversal vulnerability in WinISO 5.3. The flaw allows an attacker to write arbitrary files by using a .. sequence in a filename inside an ISO image, enabling remote file writes. The relation to other connected documents does not add addition...

5 CVSS, 6.8 AI score, 0.03135 EPSS
Exploits: 1, References: 8, Affected Software: 1
Packet Storm
added 2006/03/03 12:0 a.m., 23 views

xosx-passwd.pl.txt

Original reference: http://fakehalo.us/xosx-passwd.pl. #!/usr/bin/perl /usr/bin/passwdOSX: local root exploit. by: vade79/v9 fakehalo/realhalo. Apple OSX's /usr/bin/passwd program has support for a custom passwd fil...

7.4 AI score
Exploits: 0
CERT
added 2006/01/19 12:0 a.m., 25 views

Oracle Reports arbitrary file writing vulnerability

Overview: Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to overwrite arbitrary files on the Reports Server. Description: Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a...

5 CVSS, 6.2 AI score, 0.22288 EPSS
Exploits: 0, References: 6
OpenVAS
added 2005/11/03 12:0 a.m., 28 views

4D WebStar Symbolic Link Vulnerability

The remote server is running 4D WebStar FTP Server. 4D WebStar is reportedly vulnerable to a local symbolic link vulnerability. This issue is due to a design error that causes the application to open files without properly verifying their existence or their absolute location. Successful...

3.6 CVSS, 0.1 AI score, 0.00338 EPSS
Exploits: 0, References: 1
CVE
added 2005/07/27 4:0 a.m., 54 views

CVE-2005-2384

CVE-2005-2384 describes a directory traversal in a third‑party compression library (UNACEV2.DLL) used by Avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460. The vulnerability allows a remote attacker to write arbitrary files by supplying an ACE archive with filenames co...

5 CVSS, 7.3 AI score, 0.03487 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2005/07/13 12:0 a.m., 19 views

DSA-756-1 squirrelmail - several

Bulletin has no description...

4.3 CVSS, 9.3 AI score, 0.04242 EPSS
Exploits: 2
Tenable Nessus
added 2005/06/16 12:0 a.m., 21 views

Mandrake Linux Security Advisory : rsh (MDKSA-2005:100)

A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server. The updated packages have been patched to...

4.3 CVSS, 7.8 AI score, 0.0182 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2005/06/16 12:0 a.m., 35 views

SquirrelMail < 1.45 Multiple Vulnerabilities

According to its banner, the version of SquirrelMail installed on the remote host is prone to multiple flaws: - Post Variable Handling Vulnerabilities: Using specially crafted POST requests, an attacker may be able to set random variables in the file 'optionsidentities.php', which could lead to...

4.3 CVSS, 5.4 AI score, 0.04242 EPSS
Exploits: 2, References: 6
Cvelist
added 2005/04/26 4:0 a.m., 11 views

CVE-2005-1301

nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files...

6.8 AI score, 0.01019 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2004/08/18 12:0 a.m., 32 views

Sun Java System ASP < 4.0.3 Multiple Vulnerabilities

Binary data 4533.prm...

10 CVSS, 7 AI score, 0.194 EPSS
Exploits: 2, References: 17
NVD
added 2004/07/07 4:0 a.m., 22 views

CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...

5 CVSS, 6.5 AI score, 0.03404 EPSS
Exploits: 0, References: 23
OSV
added 2004/07/07 4:0 a.m., 8 views

CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...

6.4 AI score
Exploits: 0, References: 25
securityvulns
added 2003/10/07 12:0 a.m., 35 views

GuppY : XSS, Files Reading/Writing

Information: Language: PHP; Bugged Version: 2.4p3 and less?; Patched version: 2.4p4; Website: http://www.freeguppy.org. Problems: - Permanent XSS - Files Reading - Files Writing. PHP Code/Location: postguest.php :...

7.1 AI score
Exploits: 0
securityvulns
added 2003/07/31 12:0 a.m., 48 views

GameSpy Arcade Arbitrary File Writing Vulnerability

ThreeZee Technology, Inc. Security Advisory TZT002. Advisory: GameSpy Arcade Arbitrary File Writing. Discovered: July 26, 2003. Released: July 31, 2003. Risk: Critical; Allows writing of a file to any location on the victim's system. Author: Mike Kristovich, Security Researcher ThreeZee Technology,...

6.9 AI score
Exploits: 0
NVD
added 2003/06/16 4:0 a.m., 22 views

CVE-2003-0284

Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus...

7.5 CVSS, 6.7 AI score, 0.02106 EPSS
Exploits: 0, References: 2
OSV
added 2003/03/31 5:0 a.m., 5 views

CVE-2003-0086

The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown...

6.3 AI score
Exploits: 0, References: 16
securityvulns
added 2003/02/26 12:0 a.m., 24 views

multiple vulnerabilities in glftpd

MULTIPLE VULNERABILITIES IN GLFTPD. I. BACKGROUND: Glftpd is an ftpd server, but it wasn't designed as a replacement of ftpd server. It is a kind of warez ftpd like serv-u, war-ftpd. It has its own users, groups etc.; it doesn't use system files. It has built in request and message system, which...

Exploits: 0