libsndfile heap buffer overflow vulnerability
libsndfile is a C library developed by software developer Erik de Castro Lopo that reads and writes audio files in AIFF, AU, and WAV formats through standard interfaces. A heap buffer overflow vulnerability exists in libsndfile version 1.0.25. A remote attacker can exploit the vulnerability by...
AMD fglrx-driver Incomplete Fix Insecure File Creation Elevation of Privilege Vulnerability
AMD fglrx-driver is a set of fglrx drivers from AMD USA. An elevation of privilege vulnerability exists in AMD fglrx-driver. An attacker could exploit this vulnerability to perform a symbolic link attack to overwrite arbitrary files in an affected application with elevated privileges...
DSA-3388-1 ntp - security update
Bulletin has no description...
CVE-2002-2210
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAMEautoresponse.conf temporary file...
CVE-2007-0650
Buffer overflow in the opensty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the...
NTP Arbitrary File Overwrite Vulnerability
NTP (Network Time Protocol) is a network protocol that synchronizes the clocks of two computers by exchanging packets. A security vulnerability exists in NTP versions prior to 4.2.8p4 and 4.3.x prior to 4.3.77. Since the program allows unlimited pidfile and driftfile paths to be set using the :conf...
Multiple Arbitrary File Overwrite Vulnerabilities in NTP
Network Time Protocol is a protocol used to synchronize a computer's time to its server or clock source (e.g., quartz clock, GPS, etc.). The NTP :config command can set the pidfile and driftfile paths without restriction, allowing remote attackers to exploit this vulnerability to overwrite files on...
Mozilla Maintenance Service Log File Overwrite Elevation of Privilege
Source: https://code.google.com/p/google-security-research/issues/detail?id=427&can=1 Mozilla Maintenance Service: Log File Overwrite Elevation of Privilege Platform: Windows Version: Mozilla Firefox 38.0.5 Class: Elevation of Privilege Summary: The maintenance service creates a log file in a use...
Mozilla Firefox < 40.0 Multiple Vulnerabilities
Binary data 8856.prm...
MGASA-2015-0348 Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerability: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if the attacker had authenticated access to remote ntpd configuration (CVE-2015-5146). It was...
Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerability: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if the attacker had authenticated access to remote ntpd configuration (CVE-2015-5146). It was...
Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director
Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable. The vulnerability affects the Cisco Integrated Management Controller Supervisor and UCS Director software. The...
Amazon Linux AMI : ntp (ALAS-2015-593)
As discussed upstream, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. (CVE-2015-5146) It was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A...
Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary system files, resulting in system instability or a denial of service (DoS) condition. Cisco has...
Low: ntp
Issue Overview: As discussed upstream (http://support.ntp.org/bin/view/Main/SecurityNoticeJune2015NTPSecurityVulnerabi), a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. (CVE-2015-5146) It was found that the...
Evernote < 5.8.1 ActiveX Control Arbitrary File Overwrite
The version of Evernote installed on the remote Windows host is prior to 5.8.1. It is, therefore, affected by an arbitrary file overwrite vulnerability in the EvernoteIE.dll ActiveX control due to using the writeFileContent, LoadFile, and ReadFileContent methods in an insecure manner. A remote,...
Firefox < 40 Multiple Vulnerabilities
The version of Firefox installed on the remote Windows host is prior to 40. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist that allow a remote attacker, via a specially crafted web page, to corrupt memory and potentially execute arbitrary...
Mozilla Firefox ESR < 38.2
The version of Firefox ESR installed on the remote Windows host is prior to 38.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2015-83 advisory. - crash in @ stagefright::SampleTable::isValid with h264 mp4 (CVE-2015-4480) - MPEG4 saio Chunk Integer...
Atlassian JIRA < 5.1.5 SOAP API Arbitrary File Overwrite
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to version 5.1.5. It is, therefore, potentially affected by an arbitrary file overwrite vulnerability in the SOAP API used by JIRA. A remote, unauthenticated attacker can exploit...
Fortinet FortiClient SSLVPN Linux Client Local Privilege Vulnerability
Fortinet FortiClient is a Fortinet security software solution for endpoints that provides IPsec and SSL encryption, WAN optimization, endpoint compliance, two-factor authentication, etc. FortiClient SSLVPN Linux client is a Linux client software for SSL VPN (Virtual Private Network) products...