Tomcat: Multiple vulnerabilities
Background: Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description: The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web...
FLABER <= 1.1 RC1 Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================== FLABER " . $FILENAME . " Incorrect parameter targetfile."; 18. exit; 19. 20. 21. 22. $targetfile = "../" . $targetfile; 23. 24. // if it is a file 25. if isfile $targetfile 26. 27. if...
Information disclosure
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained...
CVE-2008-1620
Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename...
Design/Logic Flaw
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method...
CVE-2008-1605
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method...
CVE-2008-1605
CVE-2008-1605 affects LEADTOOLS Multimedia Toolkit 15 ActiveX controls (ltmmCaptureCtrl, ltmmConvertCtrl, ltmmPlayCtrl in ltmm15.dll
LeadTools MultiMedia 15 - 'LTMM15.dll' ActiveX Control Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/28442/info LEADTOOLS Multimedia is prone to multiple vulnerabilities that allow attackers to overwrite arbitrary files. These issues affect multiple ActiveX controls. An attacker can exploit these issues by enticing an unsuspecting victim to view a...
GLSA-200803-27 : MoinMoin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200803-27 (MoinMoin: Multiple vulnerabilities). Multiple vulnerabilities have been discovered: A vulnerability exists in the file wikimacro.py because the macroGetval function does not properly enforce ACLs (CVE-2008-1099). A directory...
CVE-2008-1322
The CVE-2008-1322 issue affects ASG-Sentry Network Manager, specifically the File Check Utility (fcheck.exe) bundled with versions up to 7.0.0. The connected Nessus entry documents that fcheck.exe fails to sanitize input when creating index files, allowing an unauthenticated remote attacker to ov...
GLSA-200803-13 : VLC: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200803-13 (VLC: Multiple vulnerabilities). Multiple vulnerabilities were found in VLC: Michal Luczaj and Luigi Auriemma reported that VLC contains boundary errors when handling subtitles in the ParseMicroDvd, ParseSSA, and ParseVplay...
Code injection
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling...
CVE-2008-0883
Adobe Acrobat Reader (acroread) 8.1.2 is affected by CVE-2008-0883 due to an insecure temporary-file creation in the startup/SSL-related handling, enabling a local attacker to overwrite arbitrary files via a symlink attack. Affected component: acroread wrapper script; root cause is insecure tempo...
CVE-2008-0930
wediteur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information...
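Symantec Backup Exec Scheduler ActiveX Stack Overflow and File Overwrite Vulnerabilities
BUGTRAQ ID: 28008,26904 CVECAN ID: CVE-2007-6016,CVE-2007-6017 Symantec Backup Exec is a comprehensive data backup solution. The ActiveX control installed by the scheduler component of Symantec Backup Exec for Windows Server (BEWS) contains multiple stack overflow and unsafe function call vulnerabilities, which remote attackers may exploit to take control of the user's system...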
CVE-2007-6017
The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of servi...
CVE-2007-6017
The PVATLCalendar.PVCalendar.1 ActiveX control (pvcalendar.ocx) in the Media Server component of Symantec Backup Exec for Windows Server (BEWS) 11d/12.0 exposes an unsafe Save method. The vulnerability allows a remote attacker to cause a denial of service (browser crash) or to create/overwrite ar...
CVE-2008-0806
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.USERID temporary file...
DEBIAN-CVE-2008-0806
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.USERID temporary file...