
2676 matches found

Tenable Nessus
added 2011/12/13 12:0 a.m., 733 views

FTPS Cleartext Fallback Security Bypass

The remote FTPS server running on the remote host is affected by a security bypass vulnerability due to accepting unencrypted commands if SSL negotiations fail. A man-in-the-middle attacker can exploit this to intercept credentials and modify files.

5.7 AI score
Exploits: 0, References: 1

OpenVAS
added 2011/12/01 12:0 a.m., 428 views

WikkaWiki Multiple Security Vulnerabilities

WikkaWiki is prone to multiple security vulnerabilities, including:
- An SQL injection vulnerability.
- An arbitrary file upload vulnerability.
- An arbitrary file deletion vulnerability.
- An arbitrary file download vulnerability.
- A PHP code injection vulnerability.

7.5 CVSS, 7.7 AI score, 0.13477 EPSS
Exploits: 16, References: 2

CVE
added 2011/11/03 5:0 p.m., 50 views

CVE-2011-3993

CVE-2011-3993 affects SKYARC System Co., Ltd. MTCMS (<= 5.252) and several Movable Type plugins (e.g., MultiFileUploader <= 0.44, MailPack <= 1.741, AutoTagging

5.5 CVSS, 6.4 AI score, 0.01117 EPSS
Exploits: 0, References: 3, Affected Software: 5

The Hacker News
added 2011/09/16 5:38 p.m., 4 views

GoDaddy websites Compromised with Malware

Many sites hosted on GoDaddy shared servers are getting compromised today with a conditional redirection to sokoloperkovuskeci.com. In all 445 cases, the .htaccess file (a main Apache web server configuration file) was modified to redirect users to a malware site...

7 AI score
Exploits: 0

Tenable Nessus
added 2011/08/03 12:0 a.m., 40 views

Apache Tomcat 7.0.0 < 7.0.19 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.19_security-7 advisory. - Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled...

4.6 CVSS, 6 AI score, 0.00809 EPSS
Exploits: 2, References: 14

Prion
added 2011/07/19 9:55 p.m., 11 views

Design/Logic Flaw

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...

3.6 CVSS, 6.8 AI score, 0.03503 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2011/07/19 9:55 p.m., 14 views

CVE-2011-2779

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...

3.6 CVSS, 6.2 AI score, 0.00553 EPSS
Exploits: 0, References: 2

OSV
added 2011/06/06 7:55 p.m., 7 views

CVE-2011-2145

mount.vmhgfs in the VMware Host Guest File System HGFS in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to...

6.7 AI score
Exploits: 0, References: 8

Packet Storm
added 2011/04/29 12:0 a.m., 45 views

Microsoft Office Excel Buffer Overflow

This is a PoC for MS11-021/CVE-2011-0978 Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow w3bd3vilatgmaildot.com twitter.com/w3bd3vil Modify bits at file location 0x39E7 0:000:x86 r eax=04dd6380 ebx=ffff5554 ecx=04ab5108 edx=00000000 esi=04ab4800 edi=ffff5554 eip=2f36a2fd...

9.3 CVSS, 0.9 AI score, 0.42562 EPSS
Exploits: 5

Packet Storm
added 2011/03/15 12:0 a.m., 47 views

Log1 CMS File Modification / Download

Log1 CMS 2.0 Multiple Vulnerabilities
Vulnerable Web-App: Log1 CMS 2.0
Vulnerability: Multiple Vulnerabilities.
Author: Aodrulez. Atul Alex Cherian
Google-Dork: "POWERED BY LOG...

7.4 AI score
Exploits: 0

OSV
added 2011/01/20 7:0 p.m., 7 views

CVE-2010-4338

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine...

6.2 AI score
Exploits: 0, References: 3

UbuntuCve
added 2011/01/20 7:0 p.m., 25 views

CVE-2010-4338

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine...

6.2 CVSS, 5.9 AI score, 0.00314 EPSS
Exploits: 0, References: 1

OSV
added 2011/01/11 3:0 a.m., 6 views

CVE-2010-1679

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package...

6.5 AI score
Exploits: 0, References: 13

Prion
added 2011/01/11 3:0 a.m., 14 views

Directory traversal

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory...

6.8 CVSS, 7 AI score, 0.02873 EPSS
Exploits: 0, References: 13, Affected Software: 1

Cvelist
added 2011/01/11 1:0 a.m., 30 views

CVE-2010-1679

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package...

6.4 AI score, 0.03119 EPSS
Exploits: 0, References: 13

CVE
added 2011/01/11 1:0 a.m., 81 views

CVE-2010-1679

CVE-2010-1679 describes a directory-traversal flaw in dpkg-source (dpkg prior to 1.14.31 and 1.15.x) where a patch for a source-format 3.0 package can be exploited to modify arbitrary files. The root cause is insufficient validation of patch-driven file paths during source-package processing, ena...

6.8 CVSS, 6.5 AI score, 0.03119 EPSS
Exploits: 0, References: 13, Affected Software: 1

NVD
added 2010/10/25 8:1 p.m., 24 views

CVE-2010-4068

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714...

4.9 CVSS, 6.1 AI score, 0.00892 EPSS
Exploits: 0, References: 3

CVE
added 2010/10/25 7:0 p.m., 70 views

CVE-2010-4068

CVE-2010-4068 describes a vulnerability in the TYPO3 Extension Manager. Affected products/versions are TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4. The issue allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, d...

4.9 CVSS, 6.1 AI score, 0.00892 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2010/10/05 6:0 p.m., 23 views

CVE-2010-3733

The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file...

7.2 CVSS, 6.3 AI score, 0.00307 EPSS
Exploits: 0, References: 3

Cvelist
added 2010/10/05 5:0 p.m., 28 views

CVE-2010-3733

The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file...

6.3 AI score, 0.00307 EPSS
Exploits: 0, References: 3