
7216 matches found

CNVD
added 2018/02/01 12:0 a.m. · 3 views

Haystack Arq for Mac Elevation of Privilege Vulnerability

Haystack Arq for Mac is file backup software for the Mac from Haystack Software, USA. Its components include arqupdater, among others. A security vulnerability exists in the standardrestorer binary of Haystack Arq 5.10 and earlier versions on the Mac platform. A local attacker can...

7.8 CVSS · 6.9 AI score · 0.01009 EPSS
Exploits 3 · References 1

OSV
added 2018/01/31 8:29 p.m. · 2 views

CVE-2017-16928

The arqupdater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip...

7.8 CVSS · 5.9 AI score · 0.01009 EPSS
Exploits 3 · References 3

NVD
added 2018/01/31 8:29 p.m. · 12 views

CVE-2017-16928

The arqupdater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip...

7.8 CVSS · 7.6 AI score · 0.01009 EPSS
Exploits 3 · References 3

OSV
added 2018/01/31 8:29 p.m. · 4 views

CVE-2017-16945

The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path...

7.8 CVSS · 5.9 AI score · 0.01009 EPSS
Exploits 3 · References 3

ATTACKERKB
added 2018/01/23 1:29 a.m. · 2 views

CVE-2017-16601

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

6.5 CVSS · 6 AI score · 0.02307 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2018/01/17 12:0 a.m. · 31 views

Debian DLA-1243-1 : xbmc security update

The Check Point Research Team discovered that the XBMC media center allows arbitrary file write when a malicious subtitle file is downloaded in zip format. This update requires the new dependency libboost-regex1.49. For Debian 7 'Wheezy', these problems have been fixed in version...

5.5 CVSS · 6.3 AI score · 0.02474 EPSS
Exploits 0 · References 3

OSV
added 2018/01/16 7:29 p.m. · 3 views

UBUNTU-CVE-2014-9485

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...

5.5 CVSS · 6.2 AI score · 0.04164 EPSS
Exploits 0 · References 2

Packet Storm
added 2018/01/16 12:0 a.m. · 48 views

Synology Photo Station 6.8.2-3461 Remote Code Execution

#!/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested: 6.8.2-3461 latest at the time Vendor Advisory: https://www.synology.com/en-global/support/security/SynologySA1802...

7.4 AI score
Exploits 0

Positive Technologies
added 2018/01/16 12:0 a.m. · 2 views

PT-2018-4304 · Minizip · Minigzip

Name of the Vulnerable Software and Affected Versions: minizip versions prior to 1.1-5. Description: The issue is related to a directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip. This vulnerability might allow remote attackers to write to arbitrary...

5.5 CVSS · 5.4 AI score · 0.04164 EPSS
Exploits 0 · References 16

CNVD
added 2018/01/16 12:0 a.m. · 3 views

TransmissionRPC DNS Rebinding Vulnerability

Transmission is a free BitTorrent BT client developed by the Transmission project team for use on the Linux and Mac OS X platforms, which supports data encryption, corruption repair and seeding. A security vulnerability exists in Transmission 2.92 and earlier versions. A remote attacker can execu...

8.8 CVSS · 7.6 AI score · 0.12146 EPSS
Exploits 1 · References 1

0day.today
added 2018/01/16 12:0 a.m. · 46 views

Synology Photo Station 6.8.2-3461 - SYNOPHOTO_Flickr_MultiUpload Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits. #!/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested: 6.8.2-3461 latest at the time Vendor Advisory:...

7.5 AI score
Exploits 0

OSV
added 2018/01/15 4:29 p.m. · 2 views

DEBIAN-CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8 CVSS · 8.9 AI score · 0.12146 EPSS
Exploits 1 · References 1

exploitpack
added 2018/01/15 12:0 a.m. · 15 views

Synology Photo Station 6.8.2-3461 - SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution

Synology Photo Station 6.8.2-3461 - SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution #!/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested:...

8.1 AI score
Exploits 0

Exploit DB
added 2018/01/15 12:0 a.m. · 27 views

Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution

#!/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested: 6.8.2-3461 latest at the time Vendor Advisory: https://www.synology.com/en-global/support/security/SynologySA1802...

7.4 AI score
Exploits 0

OpenVAS
added 2018/01/15 12:0 a.m. · 28 views

Debian: Security Advisory (DLA-1243-1)

The remote host is missing an update for the Debian...

5.5 CVSS · 5.5 AI score · 0.02474 EPSS
Exploits 0 · References 3

OSV
added 2018/01/15 12:0 a.m. · 2 views

UBUNTU-CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8 CVSS · 7.4 AI score · 0.12146 EPSS
Exploits 1 · References 7

NVD
added 2018/01/10 6:29 p.m. · 10 views

CVE-2014-4994

lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames...

5.5 CVSS · 5.5 AI score · 0.00477 EPSS
Exploits 1 · References 3

NVD
added 2018/01/08 7:29 p.m. · 31 views

CVE-2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...

5.5 CVSS · 5.6 AI score · 0.00447 EPSS
Exploits 0 · References 10

OSV
added 2018/01/08 7:29 p.m. · 1 views

UBUNTU-CVE-2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...

5.5 CVSS · 6.5 AI score · 0.00447 EPSS
Exploits 0 · References 2

OSV
added 2018/01/08 7:29 p.m. · 8 views

CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file...

5.5 CVSS · 5.3 AI score
Exploits 0 · References 10