2675 matches found
CVE-2008-2942
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file...
Authentication flaw
admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files...
CVE-2008-0884
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable...
PT-2008-1129 · Openbsd +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 4.4 through 4.7; OpenSSH versions prior to 4.9. Description: The issue concerns multiple vulnerabilities in the OpenSSH package that can be exploited to compromise the confidentiality, integrity, and availability of protected...
Code injection
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket...
CVE-2008-1569
policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket...
CVE-2008-1570
policyd-weight contains a local race condition in create_lockpath that lets unprivileged users modify or delete files by exploiting the LOCKPATH handling. The issue affects the insecure handling of the temporary directory, noted as a result of an incomplete fix for CVE-2008-1569, and is discussed...
CVE-2008-0196
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...
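Microsoft DirectX SAMI and WAV/AVI File Parsing Remote Code Execution Vulnerabilities (MS07-064)
BUGTRAQ ID: 26804,26789 CVECAN ID: CVE-2007-3901,CVE-2007-3895 Microsoft DirectX is a feature of the Windows operating system through which streaming media supports graphics and sound when playing games or watching video. Microsoft DirectX has a vulnerability when processing malformed media files; a local attacker may exploit this vulnerability to elevate their privileges. Microsoft DirectShow, which integrates DirectX technology, does not, for Synchronized Accessible Media...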
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-1698)
The following security problems were found in OpenOffice.org: - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access...
CVE-2004-2698
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file...
Cross site scripting
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that...
CVE-2007-3640
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that...
CVE-2007-3640
Adobe Integrated Runtime (AIR, also known as Apollo) is affected by CVE-2007-3640. The issue allows context-dependent attackers to modify arbitrary files inside an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, demonstrated by an app that modifies a...
Portcullis Security Advisory 06-034
Vulnerable System: Movable Type. Vulnerability Title: The blog directory path can be set to any arbitrary directory path during the creation of new blogs. Vulnerability discovery and development: Portcullis Security Testing Services. Credit for Discovery: Tim...
Hung it to the way and the system determines whether the code-vulnerability warning-the black bar safety net
A:The frame hanging horse iframe src=address width=0 height=0/iframe II:the js file hanging horse First, the following code document. write"iframe width='0' height='0' src='address'/iframe"; save as xxx.js that The JS hung it to the code script language=javascript src=xxx. js/script Three:js...