6871 matches found
CVE-2010-1160
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim...
CVE-2010-1160
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim...
DEBIAN-CVE-2010-1160
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim...
CVE-2010-1160
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim...
SuSE9 Security Update : Tomcat (YOU Patch Number 12585)
This update of tomcat5/6 fixes : - CVSS v2 Base Score: 5.8. CVE-2009-2693 - CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. CVE-2009-2902 - CVSS v2 Base Score: 4.3 When autoDeploy is...
openSUSE Security Update : tomcat6 (tomcat6-2000)
This update of tomcat5/6 fixes : - CVE-2009-2693: CVSS v2 Base Score: 5.8 CVE-2009-2902: CVSS v2 Base Score: 4.3 Directory traversal vulnerability allowed remote attackers to create or overwrite arbitrary files/dirs with a specially crafted WAR file. - CVE-2009-2901: CVSS v2 Base Score: 4.3 When...
openSUSE Security Update : cifs-mount (cifs-mount-2128)
With enabled 'wide links' samba follows symbolic links on the server side, therefore allowing clients to overwrite arbitrary files CVE-2010-0926. This update changes the default setting to have 'wide links' disabled by default. The new default only works if 'wide links' is not set explicitly in...
CVE-2010-0156
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/daemonout, 2 /tmp/puppetdoc.txt, 3 /tmp/puppetdoc.tex, or 4 /tmp/puppetdoc.aux temporary file...
CVE-2010-0156
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/daemonout, 2 /tmp/puppetdoc.txt, 3 /tmp/puppetdoc.tex, or 4 /tmp/puppetdoc.aux temporary file...
Debian DSA-1897-1 : horde3 - insufficient input sanitization
Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The HordeFormTypeimage form element allows to reuse a...
tomcat: unexpected file deletion and/or alteration
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. dot dot in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry...
TVUPlayer 2.4.4.9beta1 - PlayerOcx.ocx ActiveX Control Arbitrary File Overwrite
TVUPlayer 2.4.4.9beta1 - PlayerOcx.ocx ActiveX Control Arbitrary File Overwrite source: https://www.securityfocus.com/bid/39956/info TVUPlayer ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable...
TVUPlayer 2.4.4.9beta1 - 'PlayerOcx.ocx' ActiveX Control Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/39956/info TVUPlayer ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable application, typically Internet Explorer, using the ActiveX control. TVUPlayer...
CVE-2009-4013
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving 1 control field names, 2 control field values, and 3 control file...
Mort Bay Jetty 6.0.0 - 7.0.0 Multiple Vulnerabilities - Active Check
Mort Bay Jetty is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"; ifdescriptio...
SuSE Update for kernel SUSE-SA:2010:001
Check for the Version of kernel OpenVAS Vulnerability Test SuSE Update for kernel SUSE-SA:2010:001 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
CVE-2009-4487
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4494
AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4493
Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...