CVE-2018-1448

CVE-2018-1448 affects IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server) and can allow a local attacker to overwrite arbitrary files owned by the DB2 instance owner. Affected versions include 9.7, 10.1, 10.5, and 11.1. IBM X-Force ID: 140043. The risk is described as high (base CVSS v3...

Pivotal Spring Boot Elevation of Privilege Vulnerability

Pivotal Spring Boot is the U.S. Pivotal Software, Inc. of a new framework used to simplify the initial setup of new Spring applications as well as the development process. A security vulnerability exists in Pivotal Spring Boot versions 1.5.0 through 1.5.9 and 2.0.0.M1 through 2.0.0.M7. An attacke...

Arbitrary File Overwrite Through Symlink Attack

terminal-share is vulnerable to arbitrary file overwrite through symlink attacks. The vulnerability exists due to the creation of the hardcoded /tmp/test11 file found in index.js. This allows an unprivileged user of the shared machine to overwrite a privileged file by creating a symbolic link fil...

Apache ODE Override Vulnerability

Apache ODE is the United States Apache Apache Software Foundation , a business process building engine , it has to communicate with Web services , send and receive messages , handle data manipulation and error recovery functions . A security vulnerability exists in Apache ODE. An attacker could...

cryptctl file overwrite vulnerability

cryptctl is an open source disk encryption utility. The program sets up LUKS-based disk encryption using a randomly-generated secret key, which is kept in a dedicated secret key server. A security vulnerability exists in versions prior to cryptctl 2.0. An attacker can exploit the vulnerability by...

CVE-2017-9270

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database...

CVE-2017-9270

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database...

CVE-2017-9270

CVE-2017-9270 affects cryptctl prior to version 2.0. A vulnerability in the cryptctl RPC handling allows a malicious server to send RPC requests that overwrite files outside of the cryptctl key database. Impact is arbitrary file writes outside the key DB; exploit status is not detailed in the pro...

rubygems: Arbitrary file overwrite due to incorrect validation of specification name

It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory...

Leptonica Arbitrary File Overwrite Vulnerability

Leptonica is an open source system for image processing and image analysis applications. A security vulnerability exists in Leptonica 1.75.3 and earlier versions. A local attacker can exploit the vulnerability to overwrite arbitrary files...

CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

Path traversal

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

UBUNTU-CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

DEBIAN-CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

DEBIAN-CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...

PT-2018-18074 · Dan Bloomberg +1 · Leptonica +1

Name of the Vulnerable Software and Affected Versions: Leptonica versions prior to 1.75.4 Description: The issue allows local users to potentially overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, due to the use of hardcoded /tmp...

CVE-2018-7442

CVE-2018-7442 affects Leptonica up to 1.75.3 where gplotMakeOutput does not block '/' in the gplot rootname, enabling path traversal and arbitrary file overwrite. The vulnerability is reachable remotely (CVSS says NETWORK) with no authentication required and no user interaction. Impact per source...

CVE-2018-7442

An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...

CVE-2018-7441

Leptonica library (CVE-2018-7441): through version 1.75.3, it uses hardcoded /tmp pathnames, enabling local users to overwrite arbitrary files or cause other impact via pre-created files or a race condition (example: /tmp/junk_split_image.ps in prog/splitimage2pdf.c). Affected packages include Le...