
2676 matches found

OSV
added 2015/05/26 3:59 p.m. | 3 views

DEBIAN-CVE-2015-3902

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

6.8 CVSS | 9.8 AI score | 0.01078 EPSS
Exploits: 0 | References: 1

Prion
added 2015/05/26 3:59 p.m. | 21 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...

6.8 CVSS | 7.5 AI score | 0.01078 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Prion
added 2015/03/29 10:59 a.m. | 16 views

Code injection

The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files...

7.2 CVSS | 7 AI score | 0.00548 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

myhack58
added 2015/03/03 12:0 a.m. | 32 views

ECStore open source online shop system: arbitrary file modification vulnerability to get shell - vulnerability warning - the black bar safety net

Brief description: The file edit function in Template Edit does not strictly restrict which files may be edited, so any file present on the system may be modified. Detailed description: In the file editing function, select the file to modify; here an image template file is selected, then upload the...

7.1 AI score
Exploits: 0

myhack58
added 2015/03/01 12:0 a.m. | 26 views

FineCMS lightweight version: CSRF vulnerability in the background to add management + any hung black page - bug warning - the black bar safety net

2, the capture truncation. No verification. 3, The structure of the for...

1.9 AI score
Exploits: 0

ThreatPost
added 2015/02/10 9:0 a.m. | 239 views

Researchers: PlugX More Prominent Than Ever

Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups. Many attacks, especially those occurring during the latter...

9.3 CVSS | 7 AI score | 0.9999 EPSS
Exploits: 22 | References: 6

Prion
added 2015/01/29 6:59 p.m. | 22 views

Design/Logic Flaw

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file...

6.4 CVSS | 7.2 AI score | 0.04189 EPSS
Exploits: 0 | References: 10 | Affected Software: 4

Cvelist
added 2014/08/03 6:0 p.m. | 52 views

CVE-2013-5758

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...

7 AI score | 0.11892 EPSS
Exploits: 10 | References: 5

Check Point Advisories
added 2014/07/16 12:0 a.m. | 0 views

WordPress Timthumb WebShot Vulnerability Code Execution

A vulnerability in TimThumb's "Webshot" feature allows for certain commands to be remotely executed on vulnerable websites with no authentication. An attacker can create, remove and modify any files on the affected server...

4.4 AI score
Exploits: 0

Mageia
added 2014/07/08 10:47 p.m. | 31 views

Updated dpkg packages fix security vulnerabilities

Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package, leading to the creation of files outside the directory of the source being unpacked (CVE-2014-0471). Multiple vulnerabilities were discovered in dpkg...

6.4 CVSS | 6.6 AI score | 0.07322 EPSS
Exploits: 1 | References: 3

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Internet Explorer 5, Firefox 0.8, OmniWeb 4.x URI Protocol Handler Arbitrary File Creation/Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10336/info A vulnerability has been identified in multiple products from multiple vendors that may allow a remote attacker to create or modify arbitrary files; these issues relate to the processing of URI requests via...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

NConf 1.3 Arbitrary File Creation

No description provided by source. Exploit Title: nconf file read and write exploit Date: 2013/1/20 Exploit Author: [email protected] Software Link: http://sourceforge.net/projects/nconf/files/nconf/ Version: nconf 1.3 Tested on: Server: Apache/2.2.15 Centos PHP/5.3.3 nconf can modify th...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 32 views

Alice 2.2 - Arbitrary Code Execution Exploit

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Alice 2.2 Arbitrary Code Execution Exploit Date: Dec 5, 2010 Author: Rew Email: rew splat leethax.info Link: http://alice.org/index.php Version: 2.2 Windows Tested on: WinXP CVE: NA 0day This was a fun one to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Ben Chivers Easy Homepage Creator 1.0 File Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5340/info The vulnerability has been reported for Easy Homepage Creator. It is possible for an attacker to modify any user's home page. The vulnerability is the result of Homepage Creator failing to properly authenticate...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Microsoft IIS 4.0/5.0 Executable File Parsing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

CGIScript.net csPassword.CGI 1.0 HTAccess File Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4888/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 9 views

QNX RTOS 4.25 dumper Arbitrary File Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4904/info When creating memory dump files, the QNX RTOS debugging utility 'dumper' follows symbolic links. It also sets ownership of the file to the userid of the terminated process. It is possible for malicious local...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

OpenVMS 5.3/6.2/7.x UCX POP Server Arbitrary File Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5790/info An issue with the UCX POP (Post Office Protocol) server used by OpenVMS has been reported. It is possible for a malicious local user to overwrite arbitrary files on the filesystem by exploiting a vulnerability in t...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 26 views

MobileCartly 1.0 Arbitrary File Write Vulnerability

No description provided by source. MobileCartly 1.0 Arbitrary File Write Vulnerability Bug...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 File Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5502/info Reportedly, it is possible for an administrator to manipulate (create, modify, etc.) files outside of the FUDForum directories. This vulnerability is present in the 'adm/admbrowse.php' script. The vulnerability is...

7.1 AI score
Exploits: 0