CVE-2012-4522

The rbgetpathcheck function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path...

Buffer overflow

Buffer overflow in the fusedoioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server...

Linux Kernel GFS2 "gfs2_fallocate()" 拒绝服务漏洞

CVE ID: CVE-2011-2689 Linux Kernel是Linux操作系统的内核。 Linux Kernel在 "gfs2fallocate"函数的实现上存在拒绝服务漏洞，恶意本地用户可利用此漏洞造成拒绝服务。 此漏洞源于fs/gfs2/file.c中的"gfs2fallocate"函数没有正确确保协调好了已分配的字节，可被利用造成"BUG"。 Linux kernel 2.6.x 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.kernel.org/...

CVE-2010-1641

CVE-2010-1641 affects the Linux kernel’s gfs2 file operations. MiracleLinux AXSA-2010-377:12 notes the affected kernel (2.6.18-194.3.AXS3) and flags that do_gfs2_set_flags does not verify file ownership, allowing local bypass via a SETFLAGS ioctl. The vulnerability corresponds to Linux kernels be...

Linux Kernel nfs_lock函数本地拒绝服务漏洞

CVECAN ID: CVE-2007-6733 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的fs/nfs/file.c文件中的nfslock函数没有正确的删除对setgid未设置group-execute权限文件的 POSIX锁定，这允许本地用户通过在NSF文件系统上锁定文件然后再更改该文件的权限导致系统崩溃。 Linux kernel 2.6.9 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lkml.org/lkml/2005/12/21/334...

php 5.1.2 file.c 权限提升漏洞

No description provided by source...

Mandriva Security Advisory MDVSA-2009:303 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:303. OpenVAS Vulnerability Test $Id: mdksa2009303.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:303 php Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVE-2006-6678

The edittextarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename...

CVE-2006-6678

The edittextarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename...

CVE-2006-1494

CVE-2006-1494 is described in the initial entry as a directory traversal vulnerability in PHP 4.4.2 and 5.1.2, allowing local users to bypass open_basedir and create files in arbitrary directories via the tempnam function. Connected documents reference this CVE ID in scan data (e.g., Ubuntu USN-3...

CVE-2006-1055

The fillwritebuffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGESIZE or more is requested, which might allow local users to cause a denial of service crash by causing an out-of-bounds read...