1309 matches found
The vulnerability of Cisco Nexus 1000V software allows a malicious individual to gain access to confidential information.
The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...
CVE-2016-0889
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
Techno Project Japan Enisys Gw Arbitrary Code Execution Vulnerability
Techno Project Japan Enisys Gw is an open source groupware software from Techno Project Japan. A security vulnerability exists in Techno Project Japan Enisys Gw. The vulnerability allows remote attackers to write to arbitrary files and execute arbitrary code...
Apple iOS Double Release Vulnerability
Apple iOS is an operating system for handheld devices developed by Apple Inc. A double release vulnerability exists in Apple iOS versions prior to 9.1, and OS X versions prior to 10.11.1. The vulnerability allows an attacker to perform arbitrary file write operations via a crafted application tha...
Apple OS X Symbolic Link Attack Vulnerability
Apple OS X is the operating system used by the Apple family of machines. A symbolic link attack vulnerability exists in Apple OS X versions prior to 10.11.1. The vulnerability allows an attacker to perform an unspecified symbolic link attack via a crafted application to perform arbitrary write to...
docker: symlink traversal on container respawn allows local privilege escalation
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to an arbitrary file on the host system via a symlink attack in an image when respawning a container...
IBM Security SiteProtector System Directory Traversal Vulnerability
The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A directory traversal vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to write to...
USN-2549-1 libarchive vulnerabilities
It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to...
AVG Internet Security Elevation of Privilege Vulnerability
AVG Internet Security is an Internet security suite that includes antivirus, antispyware, antispam, link scanning and firewall. AVG Internet Security suffers from an elevation of privilege vulnerability, which can be exploited by a local attacker to write arbitrary files to enforce kernel-level...
DEBIAN-CVE-2014-6407
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...
CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
Vulnerability title: Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX CVE: CVE-2014-3074 Vendor: IBM Product: AIX Affected version: AIX 6.1 and 7.1 and VIOS 2.2. Reported by: Tim Brown Details: It has been identified that the runtime linker allows privilege escalati...
AIX 7.1 TL 2 : malloc (IV62807)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 6.1 TL 8 : malloc (IV61311)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 7.1 TL 1 : malloc (IV61315)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 6.1 TL 9 : malloc (IV60935)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 6.1 TL 7 : malloc (IV61313)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
AIX 7.1 TL 2 : malloc (IV61314)
It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...
DEBIAN-CVE-2014-0471
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...
Personal Address Book 2.0 File Upload
TITLE: Unauthenticated Remote File Upload via HTTP for Personal Address Book 2.0 on iOS Date: 8/1/2013 Author: Larry W. Cashdollar, @larry0 Download: https://itunes.apple.com/us/app/personal-address-book-helpful/id490328390?mt=8 http://www.tayutec.com/indexen.html Description: "Features: To creat...
Lua-Programming Language 1.6 File Upload
TITLE: Unauthenticated Remote File Upload via HTTP for lua-Programming language 1.6 on iOS Date: 8/1/2013 Author: Larry W. Cashdollar, @larry0 Download: https://itunes.apple.com/us/app/lua-programming-language/id505972017?mt=8&ls=1 http://www.tayutec.com/indexen.html Description: "Please download...