
2676 matches found

Cisco
added 2016/06/20 2:30 p.m. | 31 views

Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability

A vulnerability in the mounted filesystem of Cisco 8800 Series IP Phones could allow an authenticated, remote attacker to access any file, including the right to change the file mode, on a targeted device. The vulnerability is due to insufficient enforcement of filesystem permissions. An attacker...

CVSS 6 | AI score 7 | EPSS 0.00272
Exploits: 0 | References: 1
OSV
added 2016/06/13 10:59 a.m. | 1 views

CVE-2016-2826

The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file...

CVSS 7.8 | AI score 7.3 | EPSS 0.00341
Exploits: 0 | References: 4
UbuntuCve
added 2016/06/13 10:59 a.m. | 28 views

CVE-2016-2826

The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file...

CVSS 7.8 | AI score 7.1 | EPSS 0.00341
Exploits: 0 | References: 2
Debian CVE
added 2016/06/13 10:0 a.m. | 31 views

CVE-2016-2826

The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file...

CVSS 7.8 | AI score 8.1 | EPSS 0.00341
Exploits: 0
BDU FSTEC
added 2016/04/19 12:0 a.m. | 5 views

The vulnerability of the PHP interpreter, allowing a hacker to modify arbitrary files

The vulnerability of the PharData PHP interpreter relates to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows an attacker to modify arbitrary files by adding the symbol “..” to the pathname of the ZIP archive during the extractTo operation...

CVSS 5 | AI score 7.6 | EPSS 0.04837
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2016/04/06 12:0 a.m. | 1 views

Hexchat IRC Client Directory Traversal Vulnerability

Hexchat formerly known as XChat-WDK is a cross-platform IRC Instant Chat over the Internet communications software. Hexchat IRC Client is one of the IRC client products based on XChat. Hexchat IRC Client version 2.11.0 has a directory traversal vulnerability in the 'logcreatepathname' function in...

CVSS 7.4 | AI score 7 | EPSS 0.09447
Exploits: 5 | References: 1
BDU FSTEC
added 2016/03/31 12:0 a.m. | 3 views

The vulnerability of the InfoSphere Information Server software platform, which allows a perpetrator to circumvent existing access restrictions

The vulnerability of the InfoSphere Information Server software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions by modifying the cookie file...

CVSS 3.5 | AI score 5.3 | EPSS 0.01135
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2016/03/29 3:59 p.m. | 12 views

CVE-2016-2288

Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file...

CVSS 7.8 | AI score 7.6 | EPSS 0.01331
Exploits: 4 | References: 2
Cvelist
added 2016/03/29 3:0 p.m. | 18 views

CVE-2016-2288

Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file...

AI score 7.6 | EPSS 0.01331
Exploits: 4 | References: 2
myhack58
added 2016/03/24 12:0 a.m. | 15 views

Android system privilege escalation vulnerability - vulnerability warning - the black bar safety net

Preamble. 1.1 What is root? Root, referred to here as system privilege escalation, typically applies to Android mobile phones: it lets the user obtain super-user permissions on the Android operating system. Root is generally used to help users over the phone to...

AI score 6.6
Exploits: 0
Tenable Nessus
added 2016/03/04 12:0 a.m. | 49 views

VMware ESX / ESXi Arbitrary File Modification (VMSA-2013-0016) (remote check)

The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by an arbitrary file modification vulnerability due to improper handling of certain Virtual Machine file descriptors. A local attacker can exploit this to read or modify arbitrary files. C Tenable...

CVSS 4.4 | AI score 5.7 | EPSS 0.00353
Exploits: 0 | References: 2
Cvelist
added 2016/02/18 10:0 p.m. | 25 views

CVE-2015-8150

Symantec Encryption Management Server SEMS 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file...

AI score 7.7 | EPSS 0.00285
Exploits: 0 | References: 3
CNVD
added 2015/11/01 12:0 a.m. | 1 views

OpenSMTPD has multiple vulnerabilities

OpenSMTPD is a free server-side implementation of the SMTP protocol. OpenSMTPD suffers from stack overflow, memory corruption, and symbolic link attack vulnerabilities that could be exploited by remote attackers to submit a special request for a denial-of-service attack, crash an application, or...

AI score 7.1
Exploits: 0 | References: 1
NVD
added 2015/10/25 2:59 a.m. | 13 views

CVE-2015-1002

IniNet embeddedWebServer aka eWebServer before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string...

CVSS 6.4 | AI score 6.6 | EPSS 0.01374
Exploits: 0 | References: 1
OpenVAS
added 2015/10/14 12:0 a.m. | 40 views

Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability (cisco-sa-20151007-vcs)

A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be...

CVSS 6.9 | AI score 6.5 | EPSS 0.00355
Exploits: 0 | References: 1
Cisco
added 2015/10/07 8:51 p.m. | 33 views

Cisco TelePresence Video Communication Server Expressway File Modification Vulnerability

A vulnerability in the symbolic link operation of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, local attacker to perform a symbolic link attack on the affected system. The vulnerability is due to insufficient protection of files. An attacker could...

CVSS 4.4 | AI score 6.3 | EPSS 0.00355
Exploits: 0 | References: 1
Packet Storm
added 2015/09/16 12:0 a.m. | 22 views

Zen Cart 1.5.4 Code Execution / Information Disclosure

Zen Cart 1.5.4: Code Execution and Information Leak Security Advisory – Curesec Research Team 1. Introduction Affected Product: Zen Cart 1.5.4 Fixed in: partial fix via patch Partial Patch Link: https://www.zen-cart.com/showthread.php?218239-curesec-security-report-Patch-Included Vendor Contact:...

AI score 7.4
Exploits: 0
BDU FSTEC
added 2015/09/15 12:0 a.m. | 5 views

The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server allows an intruder to gain privileges of the root user.

The vulnerability of the CLI component of the Microprogramming Software for Cisco TelePresence Video Communication Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating locally, to gain root user privileges by modifying...

CVSS 7.2 | AI score 5.5 | EPSS 0.00414
Exploits: 0 | References: 2
Metasploit
added 2015/08/28 2:17 p.m. | 48 views

BusyBox DNS Configuration

This module will be applied on a session connected to a BusyBox shell. It allows to set the DNS server on the device executing BusyBox so it will be sent by the DHCP server to network hosts. This module requires Metasploit: https://metasploit.com/download Current source:...

Exploits: 0
Cisco
added 2015/07/15 9:2 p.m. | 25 views

Cisco Email Security Appliance Malformed DMARC Policy Records File Modification Vulnerability

A vulnerability in the Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to generate malformed Domain-Based Message Authentication, Reporting, and Conformance DMARC policy records to the targeted system. The vulnerability occurs because the affected ESA is not abl...

CVSS 4.3 | AI score 6.5 | EPSS 0.01534
Exploits: 0 | References: 1