CVE-2017-16592

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVE-2017-16591

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVE-2017-16600

This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVE-2017-16601

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVE-2017-16592

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVE-2017-16597

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the...

CVE-2017-16603

This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...

CVE-2017-16606

This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...

EulerOS 2.0 SP1 : rsync (EulerOS-SA-2018-1011)

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata...

Debian: Security Advisory (DLA-919-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1239-1] poco security update

Package : poco Version : 1.3.6p1-4+deb7u1 CVE ID : CVE-2017-1000472...

DEBIAN-CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

UBUNTU-CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

CVE-2017-17793

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

Information disclosure

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

CVE-2017-17793

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

CVE-2017-17793

Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...

CVE-2017-17793

BlogoText 3.7.6 and earlier: information-disclosure vulnerability in admin/maintenance.php at creer_fichier_zip. An attacker can defeat the filename-randomization protection by supplying archiv~1.zip (8.3 filename) and read backup archives on Windows servers. Root cause is a flaw in the randomiza...

Trend Micro Smart Protection Server Multiple Vulnerabilities

1. Advisory Information Title: Trend Micro Smart Protection Server Multiple Vulnerabilities Advisory ID: CORE-2017-0008 Advisory URL:https://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities Date published: 2017-12-19 Date of last update:...

NetGain Systems Enterprise Manager restore.download_005fdo_jsp Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...