UBNT Bug Bounty #3 - Persistent Filename Vulnerability

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1468 View Video: https://www.youtube.com/watch?v=JeEWyV9VMpE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1467 Release...

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1468 View Video: https://www.youtube.com/watch?v=JeEWyV9VMpE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1467 Release...

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1467 Video: http://www.vulnerability-lab.com/getcontent.php?id=1468 Release Date: ============= 2015-08-11 Vulnerability...

AirDroid iOS / Android / Win 3.1.3 - Persistent

Document Title: =============== Airdroid iOS, Android & Win 3.1.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1543 Release Date: ============= 2015-07-20 Vulnerability Laboratory ID VL-ID: ==================================...

CollabNet Subversion Edge tail local file inclusion

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local...

Design/Logic Flaw

The CLI parser in Cisco NX-OS 4.12E11, 6.211b, 6.212, 7.20ZZ99.1, 7.20ZZ99.3, and 9.11SV13.1.8 on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and...

Apple MAC OS X Spotlight Command Injection Vulnerability

Apple Mac OS X is a commercial operating system. A security vulnerability in Apple Mac OS X Spotlight's handling of image filenames allows attackers to exploit the vulnerability to trick users into searching for malicious files, injecting commands, and executing them...

CollabNet Subversion Edge Management Show LFI

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via "fileName" parameter of the show action Date: 10.10.2014 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local file...

CollabNet Subversion Edge Management downloadHook LFI

Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "filename" parameter of the "downloadHook" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...

Server: Resource Exthaustion when sanitizing filenames

The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this lead to a endless loop filling the log file until the system is not anymore responsive. For more information please consult the official advisor...

UBUNTU-CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument load method, 2 the xmlwriteropenuri function, 3 t...

PHP 5.4.x < 5.4.40 / 5.5.x < 5.5.24 / 5.6.x < 5.6.8 'php_sdl.c' WSDL Injection

Binary data 8789.prm...

Ebay Inc Magento #10 - Persistent Filename Vulnerability

Document Title: =============== Ebay Inc Magento 10 - Persistent Filename Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1458 Video: https://www.youtube.com/watch?v=WffsHd8pibE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1457 EIBBP-31603...

Ebay Inc Magento #10 - Persistent Filename Vulnerability

Document Title: =============== Ebay Inc Magento 10 - Persistent Filename Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1458 Video: https://www.youtube.com/watch?v=WffsHd8pibE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1457 EIBBP-31603...

PHP < 5.4.41, 5.5.x < 5.5.25, 5.6.x < 5.6.9 Multiple Vulnerabilities - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVE-2015-4393

The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename...

[SECURITY] Fedora 22 Update: filezilla-3.11.0.2-1.fc22

FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFT P - Cross-platform - Available in many languages - Supports resume and transfer of large files 4GB - Easy to use Site Manager and transfer queue - Dr...

Novell ZENworks Configuration Management FileViewer Information Disclosure (CVE-2015-0783)

An information disclosure vulnerability exists in Novell ZENworks Configuration Management. The vulnerability is due to lack of sanitization on the filename parameter within the FileViewer class. By sending crafted requests to the target server, a remote attacker can leverage this vulnerability t...

SysAid Help Desk Directory Traversal Vulnerability

SysAid Help Desk is a suite of Web-based IT management software. The SysAid Help Desk /sysaid/getGfiUpgradeFile URI and /sysaid/calculateRdsFileChecksum URI fails to adequately filter the 'fileName' parameter, allowing remote attackers to exploit a vulnerability to submit a special directory...

UBUNTU-CVE-2015-4021

The pharparsetarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service integer underflow and memory...