JCraft JSch Directory Traversal Vulnerability
JCraft JSch is a library from JCraft (Japan) that provides secure channels for connecting to sshd servers. A directory traversal vulnerability exists in versions of JCraft JSch prior to 0.1.53, which can be exploited by an attacker to overwrite arbitrary files in an application by sending a request with the...
[SECURITY] [DSA 3677-1] libarchive security update
Debian Security Advisory DSA-3677-1, https://www.debian.org/security/, Salvatore Bonaccorso, September 25, 2016, https://www.debian.org/security/faq ...
CentOS 7 : libarchive (CESA-2016:1844)
An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
RedHat Update for libarchive RHSA-2016:1850-01
The remote host is missing an update for the...
RHEL 7 : libarchive (RHSA-2016:1844)
An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Scientific Linux Security Update : libarchive on SL7.x x86_64 (20160912)
Security Fixes: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
Important: Red Hat Security Advisory: libarchive security update
An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
libarchive security update
3.1.2-10 - Fixes variation of CVE-2016-5418: Hard links could include '..' in their path. 3.1.2-9 - Fixes CVE-2016-5418: Archive Entry with type 1 hardlink causes file overwrite 1365777 3.1.2-8 - a bunch of security fixes rhbz1353065...
Security update for karchive (important)
This update for karchive fixes the following issues: CVE-2016-6232: A remote attacker could have been able to overwrite arbitrary files when tricking the user into downloading KDE extras such as wallpapers or Plasma Applets (boo#989698)...
Archive-Tar-Minitar Directory Traversal Vulnerability
Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis...
QNAP QTS 4.2.1 Build 20160601 Arbitrary File Overwrite
Advisory ID: SYSS-2016-053; Product: QNAP QTS; Manufacturer: QNAP; Affected Versions: 4.2.1 Build 20160601; Tested Versions: 4.2.1 Build 20160601 - 4.2.2 Build 20160812; Vulnerability Type: Arbitrary file overwrite (CWE-23); Risk Level: High; Solution Status...
OPENSUSE-SU-2016:2223-1 Security update for karchive
This update for karchive fixes the following issues: CVE-2016-6232: A remote attacker could have been able to overwrite arbitrary files when tricking the user into downloading KDE extras such as wallpapers or Plasma Applets (boo#989698)...
GNU wget HTTP Redirect Arbitrary File Overwrite (CVE-2016-4971)
An arbitrary file overwrite vulnerability has been reported in GNU wget. The vulnerability is due to wget trusting the filename provided by an FTP server when the original request is redirected from an HTTP server. A remote attacker can exploit this vulnerability by enticing a user to request...
The vulnerability of PHP software allows a malicious attacker to compromise the integrity and accessibility of protected information.
The vulnerability exists in the GD context component of PHP, due to the presence of the sequence %00 in path names. Exploiting this vulnerability allows malicious actors to overwrite arbitrary files using specially crafted input data that triggers the functions imagegd, imagegd2, imagegif,...
Debian DLA-542-1 : pidgin security update
Numerous security issues have been identified and fixed in Pidgin in Debian/Wheezy. CVE-2016-2365: MXIT Markup Command Denial of Service Vulnerability; CVE-2016-2366: MXIT Table Command Denial of Service Vulnerability; CVE-2016-2367: MXIT Avatar Length Memory Disclosure Vulnerability; CVE-2016-2368: MXI...
Pidgin MXIT Protocol Directory Traversal Vulnerability
Pidgin is a cross-platform real-time communication client. A directory traversal vulnerability exists in the MXIT protocol handling of Pidgin version 2.10.11, which can be exploited by an attacker to overwrite a file by providing an invalid boot image name...
CVE-2016-4323
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image...
Unspecified vulnerability in wget
wget is a free and open source set of download tools that support automatic downloading of files from the web. A security vulnerability exists in wget, which stems from the program's failure to properly handle filenames when redirecting from an HTTP to an FTP URL. An attacker can exploit this...