6876 matches found
Multiple Vulnerabilities in Clever Internet ActiveX Suite CLINetSuiteX6.OCX
ActiveX controls, formerly called OLE controls or OCX controls, are software components or objects that can be inserted into Web pages or other applications. An arbitrary file download and overwrite vulnerability exists in Clever Internet ActiveX Suite CLINetSuiteX6.OCX. The vulnerability could b...
McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite - Ver2 (CVE-2005-3657)
The McAfee Security Center application is meant to allow users to set preferences and settings for numerous installed McAfee components and services, such as the anti-virus component VirusScan, the Personal Firewall Plus, the Privacy Service, or the SpamKiller component. The Security Control Cent...
ManageEngine OpManager Multiple Vulnerabilities (Feb 2015) - Active Check
ManageEngine OpManager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ppc64-diag: multiple temporary file races
Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or...
VideoLAN libbluray Directory Traversal Vulnerability
VideoLAN VLC media player is the multimedia player of VideoLAN program. A directory traversal vulnerability exists in VideoLAN libbluray due to the program failing to adequately filter user-supplied input. A remote attacker could use a directory traversal sequence of specially crafted requests '...
SAP Business Objects Unauthorized File Repository Server Write
Onapsis Security Advisory ONAPSIS-2015-003: SAP Business Objects Unauthorized File Repository Server Write via CORBA. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker would be able to overwri...
AL-Mail32 vulnerable to directory traversal
Overview: AL-Mail32 provided by CREAR Corporation is an email client for Windows. AL-Mail32 contains a directory traversal vulnerability due to a flaw in processing attachments. Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...
openSUSE Security Update : patch (openSUSE-SU-2015:0199-1)
This update fixes the following security issue: + Security fix for a directory traversal flaw when handling git-style patches. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch (boo#913678, CVE-2015-1196). This update fixes the following issues: + When ...
Arbitrary files may be overwritten in multiple VMware products
Overview: Multiple products provided by VMware Inc. contain a vulnerability where arbitrary files on the host OS may be overwritten. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A user...
OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack...
kgb directory traversal vulnerability
KGB is a free compression tool with a high compression ratio. A directory traversal vulnerability exists in kgb, which can be exploited by a remote attacker to overwrite arbitrary files under the application using a specially crafted request with a directory traversal sequence '../' to overwrite...
RHEL 6 : Red Hat Storage 2.0 security, update #6 (Low) (RHSA-2013:1205)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1205 advisory. Red Hat Storage is a software only, scale-out storage solution that provides flexible and agile unstructured data storage for the enterprise. Multipl...
Jenkins < 1.583 / 1.565.3 and Jenkins Enterprise 1.532.x / 1.554.x / 1.565.x < 1.532.10.1 / 1.554.10.1 / 1.565.3.1 Multiple Vulnerabilities
The remote web server hosts a version of Jenkins (open source) or CloudBees Jenkins Enterprise that is affected by multiple vulnerabilities: - An error exists related to file upload processing that allows a remote attacker to overwrite arbitrary files. (CVE-2013-2186) - An input validation error...
USN-2393-1 wget vulnerability
HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution...
MGASA-2014-0390 Updated perl-XML-DT package fix CVE-2014-5260
Updated perl-XML-DT package fixes security vulnerability: The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/xml temporary file (CVE-2014-5260)...
SLFileManager for Android vulnerable to directory traversal
Overview: SLFileManager provided by S-Link, Inc. contains a flaw in processing file names, which may result in a directory traversal (CWE-22) vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Mandriva Linux Security Advisory : php (MDVSA-2014:172)
Multiple vulnerabilities have been discovered and corrected in php: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM fil...
MGASA-2014-0367 Updated php packages fix multiple security vulnerabilities
Updated php packages fix security vulnerabilities: Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a craft...