
2675 matches found

Prion
added 2010/08/05 1:22 p.m. | 10 views

Code injection

The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests...

CVSS 9.3 | AI score 7.3 | EPSS 0.04266
Exploits: 2 | References: 9

OSV
added 2010/08/02 8:40 p.m. | 0 views

DEBIAN-CVE-2009-4896

Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful mlmmj 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. dot d...

CVSS 6.5 | AI score 7 | EPSS 0.01806
Exploits: 0 | References: 1

OpenVAS
added 2010/06/23 12:0 a.m. | 50 views

HP-UX Update for Tomcat Servlet Engine HPSBUX02541

Check for the Version of Tomcat Servlet Engine OpenVAS Vulnerability Test HP-UX Update for Tomcat Servlet Engine HPSBUX02541 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 7.5 | EPSS 0.78995
Exploits: 10 | References: 2

OpenVAS
added 2010/06/23 12:0 a.m. | 92 views

HP-UX Update for Tomcat Servlet Engine HPSBUX02541

Check for the Version of Tomcat Servlet Engine OpenVAS Vulnerability Test HP-UX Update for Tomcat Servlet Engine HPSBUX02541 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 7.5 | AI score 5.5 | EPSS 0.78995
Exploits: 10 | References: 2

Packet Storm
added 2010/05/03 12:0 a.m. | 57 views

Kaspersky Antivirus Code Injection

Hello Bugtraq. I write to notify a vulnerability in Kaspersky Antivirus that allows the code injection in the process that is executed in user's context, allowing: 1. The modification, creation and elimination of the values and keys in the Registration with respect to the configuration of the...

AI score 0.4
Exploits: 0

securityvulns
added 2010/04/19 12:0 a.m. | 57 views

[ MDVSA-2010:074 ] kdebase

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:074 http://www.mandriva.com/security/ Package : kdebase Date : April 15, 2010 Affected: 2008.0, 2009.1, 2010.0, Corporate 4.0 Problem Description: A vulnerability has been found and corrected in kdm...

CVSS 6.9 | AI score 9.5 | EPSS 0.00279
Exploits: 0

Tenable Nessus
added 2010/04/15 12:0 a.m. | 37 views

openSUSE Security Update : kde4-kdm (kde4-kdm-2134)

The KDE KDM contains a local race condition which allows to make arbitrary files world-writable. CVE-2010-0436 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVSS 6.9 | AI score 5.1 | EPSS 0.00279
Exploits: 0 | References: 2

Prion
added 2010/03/30 5:30 p.m. | 14 views

Directory traversal

Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors...

CVSS 7.5 | AI score 6.5 | EPSS 0.01536
Exploits: 0 | References: 2 | Affected Software: 2

NVD
added 2010/03/15 1:28 p.m. | 17 views

CVE-2010-0396

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive...

CVSS 5.8 | AI score 6.4 | EPSS 0.02007
Exploits: 0 | References: 4

Cvelist
added 2010/03/12 8:0 p.m. | 34 views

CVE-2010-0396

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive...

AI score 6.2 | EPSS 0.02007
Exploits: 0 | References: 4

Debian CVE
added 2010/01/13 8:0 p.m. | 30 views

CVE-2009-4488

Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendo...

CVSS 9.8 | AI score 7.6 | EPSS 0.12758
Exploits: 2

seebug.org
added 2009/12/17 12:0 a.m. | 18 views

Tomcat 6.0.18 unauthorized file read and modification

No description provided by source...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2009/12/01 12:0 a.m. | 18 views

Fedora 10 : php-pear-Mail-1.1.14-5.fc10 (2009-12439)

Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape content of mail header fields, when using the sendmail backend. A remote attacker could send an email message, with specially crafted headers to local user, leading to disclosure of content and potentially, to modification...

CVSS 7.5 | AI score 5.7 | EPSS 0.02402
Exploits: 3 | References: 3

seebug.org
added 2009/10/04 12:0 a.m. | 12 views

PHP168 admin backend arbitrary file view/modify vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

OSV
added 2009/09/22 10:30 a.m. | 1 views

DEBIAN-CVE-2009-3289

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory...

CVSS 7.8 | AI score 6.6 | EPSS 0.00359
Exploits: 2 | References: 1

Cvelist
added 2009/09/14 4:0 p.m. | 24 views

CVE-2009-2813

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote...

AI score 7 | EPSS 0.02725
Exploits: 2 | References: 30

Tenable Nessus
added 2009/08/10 12:0 a.m. | 30 views

openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1162)

The Sun Java JRE /JDK 5 was updated to Update 20 fixing various security issues. CVE-2009-2670: The audio system in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by 1 untrusted apple...

CVSS 10 | AI score 5.9 | EPSS 0.0639
Exploits: 2 | References: 8

OSV
added 2009/07/10 9:0 p.m. | 4 views

DEBIAN-CVE-2009-2334

wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as...

CVSS 4.9 | AI score 6.3 | EPSS 0.06259
Exploits: 8 | References: 1

NVD
added 2009/07/10 9:0 p.m. | 24 views

CVE-2009-2334

wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as...

CVSS 4.9 | AI score 6.2 | EPSS 0.06259
Exploits: 8 | References: 14

CVE
added 2009/07/02 10:0 a.m. | 60 views

CVE-2009-2296

CVE-2009-2296 affects Sun Solaris 10 and OpenSolaris prior to snv_119 where the NFSv4 server kernel module mishandles the nfs_portmon setting. This allows remote attackers to access shares and read, create, and modify arbitrary files via unspecified vectors. Remediation is through Solaris patches...

CVSS 10 | AI score 6.9 | EPSS 0.04405
Exploits: 0 | References: 10 | Affected Software: 2