6882 matches found
CVE-2017-1452
CVE-2017-1452 affects IBM DB2 LUW (Linux/UNIX/Windows) including DB2 Connect Server and allows a local user to escalate privileges and overwrite DB2 files. Affected: DB2 9.7, 10.1, 10.5, 11.1; Windows is noted as not vulnerable in one bulletin. Base score ~6.7 (CVSS v3.0) with local, high-impact ...
Cisco IOS XE Software Arbitrary File Overwrite Vulnerability
Cisco ASR 920 Series Aggregation Services Routers are Cisco's ASR 920 series of multifunction routers. Cisco IOS XE Software is one of the operating systems dedicated to network devices. A security vulnerability exists in the USB-modem code of the IOS XE Software in the Cisco ASR 920 Series...
CVE-2017-6795
A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper inpu...
Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary File Overwrite Vulnerability
A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper inpu...
kamailio /tmp/kamailio_fifo Insecure Temporary File Creation Vulnerability
kamailio is an open source GPL-based SIP (Session Initiation Protocol) server. A security vulnerability exists in /tmp/kamailio_fifo in kamailio version 4.0.1. A remote attacker can exploit this vulnerability to perform a symbolic link attack, overwrite arbitrary files,...
Debian DSA-3966-1 : ruby2.3 - security update
Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2015-9096: SMTP command injection in Net::SMTP. CVE-2016-7798: Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension. CVE-2017-0900: Denial of service in the RubyGems client. ...
RubyGems 2.6.13 - Arbitrary File Overwrite
There is no check for the name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a...
Debian: Security Advisory (DSA-3966-1)
The remote host is missing an update for the Debian...
RubyGems < 2.6.13 - Arbitrary File Overwrite Exploit
Exploit for the Linux platform in the category local exploits. There is no check for the name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file...
RubyGems < 2.6.13 - Arbitrary File Overwrite
There is no check for the name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...
Design/Logic Flaw
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
DEBIAN-CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
CVE-2017-0901
RubyGems 2.6.12 and earlier are vulnerable to CVE-2017-0901: the gem installer does not properly validate specification names, potentially allowing a malicious gem to overwrite arbitrary files on the filesystem. Root cause is insufficient validation of gem specifications. The advisory notes remed...
[SECURITY] [DLA 1072-1] mercurial security update
Package: mercurial; Version: 2.2.2-4+deb7u5; CVE ID: CVE-2017-1000115 CVE-2017-1000116; Debian Bug: 871709 871710. Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115...
RubyGems Local Arbitrary File Rewrite Vulnerability
RubyGems is a Ruby package manager from the RubyGems organization, which is used to distribute and manage Ruby packages. A security vulnerability exists in RubyGems 2.6.12 and earlier versions that stems from the program not validating specification names. An attacker can exploit the vulnerabilit...
UBUNTU-CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
FlightGear Arbitrary File Overwrite Vulnerability
FlightGear is an open source multi-platform flight simulator. The main goal is to create a cutting-edge flight simulator framework for the academic research field, which can also be extended to flight training, flight simulation, flight simulation games, etc. FGLogger subsystem is one of the logg...
Unspecified vulnerability in mktexlsr
mktexlsr is a library for generating catalogs. A security vulnerability exists in mktexlsr revision 36855 and versions prior to revision 36626. A local attacker can exploit this vulnerability to overwrite arbitrary files via a symbolic link attack...