KLA10001 Multiple vulnerabilities in Oracle Java Runtime Environment & Java Development Kit
Multiple serious vulnerabilities have been found in Oracle Java Runtime Environment & Java Development Kit: 5.61, 6.71, 7.51, 8. Malicious use of these vulnerabilities can affect confidentiality, integrity and availability, cause denial of service, obtain sensitive information or overwrite...
DEBIAN-CVE-2011-3602
Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrit...
DEBIAN-CVE-2010-5105
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103...
CVE-2010-5105
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103...
CVE-2010-5105
CVE-2010-5105 concerns Blender’s undo/quit routine (kernel level) affecting Blender versions 2.5, 2.63a and earlier. The issue allows a local attacker to overwrite arbitrary files via a symlink attack on the temporary quit.blend file, indicating a local privilege/impact vector. The root cause is ...
CVE-2013-4116
lib/npm.js in Node Packaged Modules npm before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
CVE-2012-0871
The sessionlinkx11socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/...
Design/Logic Flaw
The sessionlinkx11socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/...
AndExplorer vulnerable to directory traversal
Overview: AndExplorer provided by LYSESOFT contains an issue in processing file names, which may result in a directory traversal (CWE-22) vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
CVE-2014-1932
The (1) loaddjpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users...
Code injection
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map...
Directory traversal
Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename...
CVE-2014-1969
CVE-2014-1969 affects the apps4u@android SD Card Manager for Android. The vulnerability is a directory traversal (CWE-22) in filename handling that may allow a remote, unauthenticated attacker to create or overwrite arbitrary files in directories the app can access. Root cause: improper processin...
Ultra Crypto Component Insecure Method Directory traversal - Ver2 (CVE-2007-4902)
A directory traversal vulnerability has been reported on Ultra Crypto. An attacker could exploit this vulnerability via full pathnames in the argument to the SaveToFile method. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the affected...
CVE-2014-1975
Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename...
CVE-2014-1975
CVE-2014-1975 affects Unzipper (Android) by R-Company, version 1.0.1 and earlier. It is a directory traversal vulnerability that allows a remote attacker to overwrite or create arbitrary files via a crafted filename, enabling arbitrary file write in the app’s privileges. Affected: Unzipper 1.0.1 ...
CVE-2013-0299
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to...
CVE-2014-1838
The (1) extractkeysfrompdf and (2) fillpdf functions in pdfext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf...
PYSEC-2014-83
The (1) extractkeysfrompdf and (2) fillpdf functions in pdfext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf...
CVE-2014-1838
The (1) extractkeysfrompdf and (2) fillpdf functions in pdfext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf...