CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

Code injection

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

UBUNTU-CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a 1 .aux, 2 .log, 3 .out, 4 .pdf, or 5 .toc extension for the file name, as demonstrated by .thesis.tex.aux...

Red Hat Automatic Bug Reporting Tool任意文件写入漏洞

问题在abrt-action-install-debuginfo-to-abrt-cache 在默认的情况下，它会在/var/tmp/abrt-tmp-debuginfo-RANDOMSUFFIX创建一个临时文件,然后会下载rpm文件到这个文件夹，之后会进行解压，因为是临时文件夹，所以解压的路径不是这个，而是在/var/cache/abrt-di,但是因为这个文件夹并不是随机创建的，而且可预测性极强，所以我们可以提前创建这个文件夹，依靠控制unpacked.cpio这个文件，我们就能欺骗abrt-action-install-debuginfo提取一个我们可控制的cpio文件...

Red Hat Automatic Bug Reporting Tool Arbitrary File Write Vulnerability

Red Hat Automatic Bug Reporting Tool ABRT is a set of automated bug detection and reporting tools from Red Hat Red Hat. A security vulnerability exists in the abrt-action-install-debuginfo-to-abrt-cache help program in Red Hat ABRT versions prior to 2.7.1. A local attacker can exploit the...

CVE-2015-5273

CVE-2015-5273 affects ABRT and libreport: the abrt-action-install-debuginfo-to-abrt-cache helper allows a local attacker to write arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. Public advisories (RHSA/CESA) and distributed sec...

Oracle BeeHive 2 - 'voice-servlet processEvaluation()' Write File (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Oracle BeeHive 2 voice-servlet processEvaluation Vulnerability", 'Description' = %q This module exploits a vulnerability found in...

Design/Logic Flaw

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

flash-plugin: multiple code execution issues fixed in APSB15-28

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

flash-plugin: multiple code execution issues fixed in APSB15-28

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

CVE-2015-7662

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and writ...

Oracle Beehive prepareAudioToPlay Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. The specific flaw exists within the voice-servlet's playAudioFile.jsp. The method prepareAudioToPlay contains vulnerabl...

Janitza UMG Arbitrary File Read/Write Vulnerability

The Janitza UMG is an online power quality monitor for the energy industry from Janitza Germany. An arbitrary file read/write vulnerability exists in Janitza UMG 508, 509, 511, 604,605. This allows remote attackers to read or write files, or execute arbitrary JASIC code via a session with TCP por...

CVE-2015-5669

Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors...

Apple Mac OS X Multiple Vulnerabilities-02 (Oct 2015)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-6984

CVE-2015-6984 affects Apple OS X before 10.11.1 via libarchive. A crafted app can trigger a symlink attack to write to arbitrary files due to path/symlink handling in libarchive. Impact: arbitrary file writes. Mitigation: update to OS X 10.11.1 / Security Update 2015-007.

CVE-2015-6318

Cisco TelePresence VCS Expressway X8.5.1/X8.5.2 is affected by a local, authenticated symbolic-link attack in the file handling of the request-xconfdump path, enabling write access to arbitrary linked files due to insufficient protection. Exploitation can allow insertion of arbitrary content into...