Puppet Symlink File Overwrite

According to its self-reported version number, the Puppet install on the remote host is potentially affected by an error related to temporary files and their use. A local attacker could potentially use a symlink attack to overwrite arbitrary files. %NASLMINLEVEL 70300 C Tenable Network Security,...

CVE-2014-0809

CVE-2014-0809 concerns Gapless Player’s Android app, SimZip (Simple Zip Viewer). The vulnerability is a directory traversal in processing file names that allows a remote, unauthenticated attacker to create or overwrite arbitrary files in the app’s accessible directories. Affected versions are Sim...

CVE-2013-2142

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDGCONFIGHOME are not set, allows local users to overwrite arbitrary files via a symlink attack on 1 HostCertificate.pem, 2 HostPrivateKey.pem, 3 libimobiledevicerc, 4 RootCertificate.pem, or 5 RootPrivateKey.pem in...

Code injection

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDGCONFIGHOME are not set, allows local users to overwrite arbitrary files via a symlink attack on 1 HostCertificate.pem, 2 HostPrivateKey.pem, 3 libimobiledevicerc, 4 RootCertificate.pem, or 5 RootPrivateKey.pem in...

CVE-2013-2142

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDGCONFIGHOME are not set, allows local users to overwrite arbitrary files via a symlink attack on 1 HostCertificate.pem, 2 HostPrivateKey.pem, 3 libimobiledevicerc, 4 RootCertificate.pem, or 5 RootPrivateKey.pem in...

CVE-2014-0802

Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors...

CVE-2014-0803

Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Androi...

NeoFiler vulnerable to directory traversal

Overview NeoFiler provided by SkyArts.com contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

Security File Manager vulnerable to directory traversal

Overview Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

tetra filer vulnerable to directory traversal

Overview tetra filer provided by Yuichiro Okuyama contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

JVN#44392991: Security File Manager vulnerable to directory traversal

Security File Manager provided by CGENE Inc contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has...

CVE-2013-4969

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise PE before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files...

CVE-2013-4969

CVE-2013-4969 affects Puppet before 3.3.3 and 3.4 before 3.4.1, and Puppet Enterprise before 2.8.4 and 3.1 before 3.1.1, allowing local users to overwrite arbitrary files via a symlink attack. Connected advisories indicate fixes with Puppet packages updated to 2.7.25 (e.g., Mageia MDVSA-2014:040 ...

CVE-2013-6402

base/pkit.py in HP Linux Imaging and Printing HPLIP through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file...

CVE-2013-6402

base/pkit.py in HP Linux Imaging and Printing HPLIP through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file...

CVE-2013-4969

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise PE before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files...

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

DEBIAN-CVE-2013-4400

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments...

Command injection

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments...

CVE-2013-4400

CVE-2013-4400 affects libvirt up to 1.1.3 (1.1.2–1.1.3). Local users can overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments in virt-login-shell. Public references in multiple advisories confirm affected versions and a need to upg...