2676 matches found

Positive Technologies
added 2014/01/26 12:0 a.m. · 4 views

PT-2014-3437 · Festvocal · Flite

Name of the Vulnerable Software and Affected Versions: Flite version 1.4 Description: The issue allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. This is due to a problem in the play_wave_from_socket function in audio/auserver.c. Recommendations: For Flite version...

3.3 CVSS · 6 AI score · 0.00331 EPSS
Exploits: 1 · References: 18
CERT
added 2014/01/07 12:0 a.m. · 51 views

Synology DiskStation Manager arbitrary file modification

Overview Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description CWE-284: Improper Access Control - CVE-2013-6955 Synology DiskStation Manager...

10 CVSS · 7.1 AI score · 0.86106 EPSS
Exploits: 5 · References: 2
Tenable Nessus
added 2013/11/13 12:0 a.m. · 80 views

ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check)

The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities: - An integer overflow condition exists in the glibc library in the __tzfile_read function that allows a denial of service or arbitrary code execution. CVE-2009-5029 - An error exists in the glibc library related ...

6.9 CVSS · 8.6 AI score · 0.08073 EPSS
Exploits: 10 · References: 24
CVE
added 2013/10/14 1:0 a.m. · 54 views

CVE-2012-4121

Cisco NX-OS contains a local-privilege-escalation flaw in the Stream Editor (sed) usage via the r and w commands. The issue is tied to input-validation problems, enabling an authenticated, local attacker to read or modify arbitrary files on the device. Documents reference Bug IDs CSCts56559, CSCt...

6.8 CVSS · 6.8 AI score · 0.003 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2013/10/02 10:0 p.m. · 25 views

CVE-2012-4095

The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521...

6.6 AI score · 0.00262 EPSS
Exploits: 0 · References: 2
Cvelist
added 2013/10/01 12:0 a.m. · 23 views

CVE-2012-4096

The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574...

6.7 AI score · 0.00302 EPSS
Exploits: 0 · References: 1
Cisco
added 2013/09/27 2:4 a.m. · 27 views

Cisco Unified Computing System FTP User Vulnerability

A vulnerability in the FTP server of the Cisco Unified Computing System could allow an unauthenticated, adjacent attacker to view and modify files. The vulnerability is due to an undocumented user account with a hard-coded password. An attacker could exploit this vulnerability by accessing the FT...

4.8 CVSS · 1.6 AI score · 0.00595 EPSS
Exploits: 0 · References: 1
Cvelist
added 2013/09/26 10:0 a.m. · 24 views

CVE-2012-4088

The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769...

6.7 AI score · 0.00595 EPSS
Exploits: 0 · References: 3
Gentoo Linux
added 2013/09/24 12:0 a.m. · 180 views

ProFTPD: Multiple vulnerabilities

Background ProFTPD is an advanced and very configurable FTP server. Description Multiple vulnerabilities have been discovered in ProFTPD. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker could possibly execute arbitrary code with the privileges o...

10 CVSS · 8 AI score · 0.91303 EPSS
Exploits: 35
Kaspersky
added 2013/08/05 12:0 a.m. · 33 views

KLA10351 Multiple vulnerabilities in Symantec Backup Exec

Multiple serious vulnerabilities have been found in Symantec Backup Exec. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, read-write backup files, inject scripts and execute arbitrary code. Below is a complete list of vulnerabilities 1...

7.9 CVSS · 8.2 AI score · 0.02009 EPSS
Exploits: 0 · References: 3
Prion
added 2013/07/03 1:54 p.m. · 12 views

Directory traversal

Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors...

6.5 CVSS · 6.4 AI score · 0.01545 EPSS
Exploits: 0 · References: 3 · Affected Software: 2
myhack58
added 2013/05/28 12:0 a.m. · 23 views

discuz x latest background Getshell detailed use method-vulnerability warning-the black bar safety net

User – the user column – the column packet – submit – capture I am in this error, be sure to submit, or catch the data packet is not the same | 1 | The Content-Disposition: form-data; name="settingnewprofilegroupnewbaseavailable" ---|--- Read: 1 | Content-Disposition: form-data;...

0.8 AI score
Exploits: 0
myhack58
added 2013/05/23 12:0 a.m. · 13 views

ecshop 7, the patch appeared again covert Backdoor-vulnerability warning-the black bar safety net

ecshop is acquired, you don't know what's up 2 0 1 3 5 7 Number update number 7 patch, but the download down, I found obviously wrong. First, the includes directory inside the install folder, the original is not in this folder, and inside is full of js, which are the last to discover this directo...

0.1 AI score
Exploits: 0
Prion
added 2013/03/19 2:55 p.m. · 21 views

Code injection

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

4.4 CVSS · 7.7 AI score · 0.00303 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2013/03/19 2:0 p.m. · 26 views

CVE-2013-0224

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

7.2 AI score · 0.00303 EPSS
Exploits: 0 · References: 3
securityvulns
added 2013/03/11 12:0 a.m. · 283 views

SEC Consult SA-20130308-0 :: Multiple critical vulnerabilities in GroundWork Monitor Enterprise (part 1)

SEC Consult Vulnerability Lab Security Advisory 20130308-0 ======================================================================= title: Multiple critical vulnerabilities part 1 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...

0.5 AI score
Exploits: 0
CERT
added 2013/03/08 12:0 a.m. · 16 views

GroundWork Monitor Enterprise contains multiple vulnerabilities

Overview GroundWork Monitor Enterprise 6.7.0 and possibly earlier versions contain multiple vulnerabilities. Description The SEC Consult Vulnerability Lab Security Advisory states: The following vulnerability description has been categorized into the components where the vulnerabilities have been...

9 AI score
Exploits: 0 · References: 4
securityvulns
added 2013/03/03 12:0 a.m. · 53 views

[Onapsis Security Advisory 2013-004] SAP J2EE Core Service Arbitrary File Access

Onapsis Security Advisory 2013-004: SAP J2EE Core Service Arbitrary File Access This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories,...

0.1 AI score
Exploits: 0
UbuntuCve
added 2013/02/24 7:55 p.m. · 11 views

CVE-2013-0219

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files...

3.7 CVSS · 5.9 AI score · 0.00366 EPSS
Exploits: 0 · References: 1
myhack58
added 2013/01/28 12:0 a.m. · 19 views

8 ways siteserver background getwebshell and safety recommendations-vulnerability warning-the black bar safety net

First: stencil management to directly modify the file source code can be obtained webshell Second: editor vulnerability http://demo2.siteserver.cn/siteserver/TextEditor/fckeditor/ can get webshell Third: stencil add actually have add asp to the aspx file the template in webshell Fourth: the page...

7.2 AI score
Exploits: 0