6871 matches found
nginx WebDAV Multiple Directory Traversal Vulnerabilities
nginx is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...
EnjoySAP Arbitrary File Overwrite
Digital Security Research Group DSecRG Advisory DSECRG-09-044 Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: http://SAP.com Bugs: insecure method, File overwriting Exploits: YES Reported: 02.07.2009 Vendor response: 02.07.2009 Da...
EnjoySAP 6.4 7.1 File Overwrite
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-09-044 Application: EnjoySAP, SAP GUI for Windows 6.4 and 7.1 Versions Affected: Tested on 7100.2.7.1038 PL 7 Vendor URL: http://SAP.com Bugs: insecure method, File overwriting Exploits: YES Reported:...
EnjoySAP 6.4, 7.1 File Overwrite
Exploit for unknown platform in category remote exploits ================================ EnjoySAP 6.4, 7.1 File Overwrite ================================ Title: EnjoySAP 6.4, 7.1 File Overwrite CVE-ID: OSVDB-ID: Author: Sh2kerr Published: 2009-09-28 Verified: yes Digital...
FlexCell Grid FlexCell.Grid ActiveX Control Multiple Method Arbitrary File Overwrite
The remote host contains the FlexCell.Grid ActiveX control, a component of the FlexCell grid control software. The version of the control installed on the remote host reportedly fails to validate input to the 'File' argument of the 'SaveFile' and 'ExportToXML' methods before writing to the...
DSA-1897-1 horde3 - arbitrary code execution
Bulletin has no description...
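Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
Bugtraq ID: 36469 CVE ID: CVE-2009-2939 Postfix is an open-source mail transfer agent that runs on various UNIX systems. The Postfix packaged by Debian and Ubuntu creates temporary files insecurely; a local attacker can exploit the flaw to overwrite arbitrary files with the application's privileges. Wietse Venema found that Debian and Ubuntu set the permissions of /var/spool/postfix/pid to postfix:root 0755, which allows the postfix user to manipulate pid files and overwrite arbitrary files through a symlink attack. Wietse Venema Postfix 2.5.5 Ubuntu Ubuntu Linux...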
SuSE9 Security Update : id3lib (YOU Patch Number 11786)
This update fixes a bug that allows local attackers to overwrite arbitrary files. CVE-2007-4460 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41150;...
Design/Logic Flaw
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...
Installshield 2009 15.0.0.53 Premier - ISWiAutomation15.dll ActiveX Arbitrary File Overwrite
Installshield 2009 15.0.0.53 Premier - ISWiAutomation15.dll ActiveX Arbitrary File Overwrite source: https://www.securityfocus.com/bid/43857/info InstallShield 2009 Premier ActiveX control is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim...
Installshield 2009 15.0.0.53 Premier - 'ISWiAutomation15.dll' ActiveX Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/43857/info InstallShield 2009 Premier ActiveX control is prone to an arbitrary-file-overwrite vulnerability. Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application typically Internet Explorer using th...
IBM AIX 5.6/6.1 _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...
GLSA-200909-17 : ZNC: Directory traversal
The remote host is affected by the vulnerability described in GLSA-200909-17 ZNC: Directory traversal The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact : A remote, authenticated user could send a specially crafted DCC SEND request to overwrite...
CVE-2009-3181
Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. dot dot in the customizetemplate parameter in a direct request to admin/settemplate.php...
CVE-2009-3181
CVE-2009-3181 affects Anantasoft Gazelle CMS 1.0. A directory traversal flaw enables remote attackers to overwrite arbitrary files through a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php. Impact and exploitability are stated in the CVE description (o...
IBM AIX 5.6/6.1 _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
Exploit for aix platform in category local exploits ===================================================================== IBM AIX 5.6/6.1 _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug ===================================================================== !/bin/sh $Id: raptorlibC,v 1.1...
IBM AIX 5.6/6.1 File Overwrite
!/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/ http://lab.mediaservice.net/ DON'T RUN THIS UNLESS YOU KNOW...
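GNOME glib Symlink Arbitrary File Access Vulnerability
Bugtraq ID: 36313 GLib is the low-level core library underlying the GTK+ and GNOME projects, a lightweight general-purpose C library. GNOME glib has a race condition that can lead to arbitrary file access or overwriting of system files. 1. Create a symbolic link to the file or folder whose permissions are to be changed: touch /testfile && ln -s /testfile /testlink. 2. Use Nautilus to copy the symbolic link to any location: ctrl+c && ctrl+v. 3. Check the permissions of the file or folder the symbolic link points to. As a result, the permissions of the linked file or folder are changed to 777 (drwxrwxrwx user:user). GNOME glib 2.16.4...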
IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division...
IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug
!/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/ http://lab.mediaservice.net/ DON'T RUN THIS UNLESS YOU KNOW...