NetGain Systems Enterprise Manager _3d.add_005f3d_005fview_005fdo_jsp Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

[SECURITY] [DLA 1204-1] evince security update

Package : evince Version : 3.4.0-3.1+deb7u2 CVE ID : CVE-2017-1000159 It was discovered that there was an arbitrary command injection in the evince PDF viewer. A specially-crafted embedded DVI filename could be exploited to run commands as the current user when "printing" to PDF. For Debian 7...

Emby MediaServer 3.2.5 Reflected XSS Vulnerability

Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description Emby suffers from a XSS issue due ...

USN-3506-1 rsync vulnerabilities

It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. CVE-2017-17433 It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitizepaths protection...

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

Command injection

Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91...

DEBIAN-CVE-2017-1000159

Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91...

UBUNTU-CVE-2017-1000159

Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91...

Apache Httpd < 2.4.33 : <FilesMatch> bypass with a trailing newline in the file name

The expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename...

Design/Logic Flaw

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

DEBIAN-CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd with a Log Path under /etc to read /etc/passwd...

Cacti Arbitrary File Read Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A security vulnerability exists in Cacti version 1.1.27. A remote...

tnftp "savefile" Arbitrary Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...

tnftp - &#039;savefile&#039; Arbitrary Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...

openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2017:2868-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

GHSA-RFMF-RX8W-935W Sounder Contains Arbitrary Command Execution Vulnerability

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...

md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...

GHSA-P673-HJF2-PWFR Shell command injection in command_wrap

commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...

GHSA-99CH-8MVP-G7M5 md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename

converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...