CVE-2017-1000197

CVE-2017-1000197 affects October CMS 1.x build 412, where the asset move function allows file path modification, enabling creation of malicious files on the server. Root cause centers on insecure path handling during asset operations. NVD metrics show CVSSv2 7.5 (HIGH) and CVSSv3 9.8 (CRITICAL) w...

October CMS File Path Modification Vulnerability

OctoberCMS is a CMS system based on Laravel PHP development framework. A file path modification vulnerability exists in the asset movement feature of October CMS build 412. An attacker can exploit this vulnerability to create malicious files on the server...

Ulterius Server < 1.9.5.0 - Directory Traversal

Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link: https://github.com/Ulterius/server/tree/0e4f2113da287aac88a8b4c5f8364a03685d393d Version: 1.9.5.0 Tested on: Windows...

CVE-2017-11511

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...

UBUNTU-CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

SUSE-SU-2017:2951-1 Security update for perl

This update for perl fixes the following issues: Security issue fixed: - CVE-2017-6512: Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic...

CVE-2017-6165

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between...

E-Sic Software livre CMS 'q' Parameter SQL Injection Vulnerability

E-Sic is a Brazilian electronic system for citizen information. A SQL injection vulnerability exists in E-Sic version 1.0. A remote attacker can exploit the vulnerability by sending the 'q' parameter to the file esiclivre/restrito/inc/lkpcep.php to execute arbitrary SQL commands...

Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

Red Hat FreeIPA Arbitrary Certificate Issuance Vulnerability

Red Hat FreeIPA is an integrated security information management solution from Red Hat, Inc. The solution provides an easy-to-manage identity, policy and audit IPA suite for Linux and Unix computer networks. A security vulnerability in ipa-kra-install in Red Hat FreeIPA versions prior to 4.2.2...

Input validation

Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary fi...

The vulnerability of the browser plugin for the remote monitoring software Advantech WebAccess allows a perpetrator to execute arbitrary code.

The vulnerability of the web browser plugin of the remote monitoring software Advantech WebAccess is related to external control via a filename or file path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

GLSA-201709-12 : Perl: Race condition vulnerability

The remote host is affected by the vulnerability described in GLSA-201709-12 Perl: Race condition vulnerability A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtree and removetree functions in the File-Path module before...

Perl: Race condition vulnerability

Background File::Path module provides a convenient way to create directories of arbitrary depth and to delete an entire directory subtree from the filesystem. Description A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtre...

Cougar-LG Insecure Configuration File Path Vulnerability

Cougar-LG is a set of web applications written in Perl for connecting to a router or console. A security vulnerability exists in Cougar-LG. A remote attacker could exploit this vulnerability to obtain credentials...

Cougar-LG Insecure File Path Vulnerability

Cougar-LG is a set of web applications written in Perl for connecting to a router or console. A security vulnerability exists in the lg.pl file in Cistron-LG 1.01. A remote attacker could use this vulnerability to obtain IP addresses and other router credentials...

UBUNTU-CVE-2013-7426

Insecure Temporary file vulnerability in /tmp/kamailiofifo in kamailio 4.0.1...

DEBIAN-CVE-2015-8621

t-coffee before 11.00.8cbe486-2 allows local users to write to /.tcoffee globally...

Fedora 26 : perl-File-Path (2017-4e981a51e6)

This release fixes a possible setting arbitrary mode on an arbitrary file in rmtree and removetree calls known as CVE-2017-6512. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...

ExpressionEngine: Image lib - unescaped file path

Under ./system/ee/legacy/libraries/Imagelib.php There are function from CodeIgniter to manipulate images. The issue is that the PHP function exec is used two times in two different functions: imageprocessimagemagick and imageprocessnetpbm In both cases the fullsrcpath and fulldstpath are given...