
2676 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 9 views

QNX RTOS 4.25 monitor Arbitrary File Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line...

7.1 AI score
Exploits: 0
OpenVAS
added 2014/06/08 12:0 a.m. | 27 views

Debian Security Advisory DSA 2953-1 (dpkg - security update)

Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking source packages with specially crafted patch files. This update had been scheduled before the end of security support for the oldstable distribution squeeze, hence an exception has...

6.4 CVSS | 0.2 AI score | 0.07322 EPSS
Exploits: 1 | References: 1
OSV
added 2014/06/08 12:0 a.m. | 24 views

DSA-2953-1 dpkg - security update

Bulletin has no description...

6.4 CVSS | 6 AI score | 0.07322 EPSS
Exploits: 1
OpenVAS
added 2014/06/07 12:0 a.m. | 22 views

Debian: Security Advisory (DSA-2953-1)

The remote host is missing an update for the Debian...

6.4 CVSS | 6.5 AI score | 0.07322 EPSS
Exploits: 1 | References: 3
NVD
added 2014/06/04 2:55 p.m. | 17 views

CVE-2014-3836

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors...

6.8 CVSS | 6.5 AI score | 0.00605 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2014/06/04 2:55 p.m. | 24 views

CVE-2014-3836

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors...

6.8 CVSS | 5.9 AI score | 0.00605 EPSS
Exploits: 0 | References: 2
Prion
added 2014/06/04 2:55 p.m. | 15 views

Cross site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors...

6.8 CVSS | 6.9 AI score | 0.00605 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2014/06/04 2:0 p.m. | 20 views

CVE-2014-3836

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors...

6.5 AI score | 0.00605 EPSS
Exploits: 0 | References: 1
CVE
added 2014/06/04 2:0 p.m. | 57 views

CVE-2014-3836

ownCloud Server

6.8 CVSS | 6.6 AI score | 0.00605 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2014/05/30 6:55 p.m. | 6 views

CVE-2014-3865

Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a...

6.5 AI score
Exploits: 0 | References: 5
OSV
added 2014/05/30 6:55 p.m. | 1 views

DEBIAN-CVE-2014-3865

Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a...

6.4 CVSS | 7 AI score | 0.07322 EPSS
Exploits: 1 | References: 1
NVD
added 2014/05/30 6:55 p.m. | 28 views

CVE-2014-3227

dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to...

6.4 CVSS | 6.4 AI score | 0.01821 EPSS
Exploits: 0 | References: 3
Cvelist
added 2014/05/30 6:0 p.m. | 35 views

CVE-2014-3864

Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...

6.1 AI score | 0.02825 EPSS
Exploits: 0 | References: 5
CVE
added 2014/05/30 6:0 p.m. | 67 views

CVE-2014-3227

The CVE-2014-3227 entry concerns dpkg components: dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 may rely on a patch program’s handling of the C-style encoded filenames feature. If the patch program is noncompliant, this leads to an interaction error that enables a directory travers...

6.4 CVSS | 6.6 AI score | 0.01821 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2014/05/30 12:0 a.m. | 1 views

UBUNTU-CVE-2014-3865

Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a...

6.4 CVSS | 5.7 AI score | 0.07322 EPSS
Exploits: 1 | References: 5
NVD
added 2014/05/18 11:12 a.m. | 36 views

CVE-2014-1347

Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations...

4.4 CVSS | 6 AI score | 0.00389 EPSS
Exploits: 0 | References: 1
CVE
added 2014/05/18 10:0 a.m. | 82 views

CVE-2014-1347

CVE-2014-1347 refers to an issue in Apple iTunes before 11.2.1 on macOS where, during reboot, the permissions of /Users and /Users/Shared are set to world-writable. This allows a local attacker to modify files and potentially access arbitrary user accounts via standard filesystem operations, cons...

4.4 CVSS | 6.1 AI score | 0.00389 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Kaspersky
added 2014/05/18 12:0 a.m. | 41 views

KLA10077 WLF vulnerability in Apple iTunes

A permissions vulnerability was found in Apple iTunes. By exploiting this vulnerability malicious users can modify local files. This vulnerability can be exploited locally via standard file system operations. Original advisories Apple bulletin Related products Apple-iTunes CVE list CVE-2014-1347...

4.4 CVSS | 6 AI score | 0.00389 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2014/05/09 12:0 a.m. | 34 views

Mandriva Linux Security Advisory : python-imaging (MDVSA-2014:082)

Updated python-imaging packages fix security vulnerabilities : Jakub Wilk discovered that temporary files were insecurely created via mktemp in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to...

4.4 CVSS | 8.2 AI score | 0.00492 EPSS
Exploits: 2 | References: 3
Prion
added 2014/05/08 2:29 p.m. | 9 views

Code injection

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors...

3.6 CVSS | 6.7 AI score | 0.00328 EPSS
Exploits: 0 | References: 2 | Affected Software: 1