8766 matches found
Directory traversal
Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename...
CVE-2015-2950
Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename...
OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities
Document Title: =============== OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-18 Vulnerability Laboratory ID VL-ID: ===================================...
CVE-2015-2851
clientchown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename...
CVE-2015-2851
clientchown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename...
Code injection
HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the 1 HttpServlet or 2 NetworkEditorController component, aka ZDI-CAN-2569...
CVE-2015-2121
HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the 1 HttpServlet or 2 NetworkEditorController component, aka ZDI-CAN-2569...
CVE-2015-2121
HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the 1 HttpServlet or 2 NetworkEditorController component, aka ZDI-CAN-2569...
Cross site scripting
Cross-site scripting XSS vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename...
CVE-2015-0915
Cross-site scripting XSS vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename...
SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0387-1)
This update fixes the following security issues with apache2 httpd : - Improper LDLIBRARYPATH handling CVE-2012-0883 - Filename escaping problem CVE-2012-2687 Additionally, some non-security bugs have been fixed as enumerated in the changelog of the RPM. Note that Tenable Network Security has...
kernel security and bug fix update
3.10.0-229.4.2 - Oracle Linux certificates Alexey Petrenko 3.10.0-229.4.2 - x86 crypto: aesni - fix memory usage in GCM decryption Kurt Stutsman 1213331 1212178 CVE-2015-3331 3.10.0-229.4.1 - crypto x86: sha256ssse3 - also test for BMI2 Herbert Xu 1211484 1201563 - crypto testmgr: fix RNG return...
PDF Converter & Editor 2.1 iOS - File Include Vulnerability
Document Title: =============== PDF Converter & Editor 2.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1480 Release Date: ============= 2015-05-06 Vulnerability Laboratory ID VL-ID: ===================================...
ManageEngine Desktop Central MSP FileUploadServlet computerName File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet servlet. The issue lies in the failure to...
ManageEngine OpManager MultipartRequestServlet File Name Denial of Service Vulnerability
ManageEngine is a comprehensive and complete IT operation and maintenance management solution from ZOHO Corporaton formerly known as AdventNet, covering network management, application performance monitoring, network traffic analysis, IT service management, asset management and so on. A denial of...
Novell ZENworks 'FileViewer' Class Information Disclosure Vulnerability
Novell ZENworks is a suite of software that supports automated IT management and business process management across resources within an organization. Novell ZENworks' FileViewer class fails to adequately filter the 'filename' variable, allowing remote attackers to read arbitrary files and obtain...
ManageEngine OpManager MultipartRequestServlet fileName Denial of Service Vulnerability
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the multipartRequest servlet. The issue lies in the failure to...
ManageEngine Applications Manager FailOverHelperServlet Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine Applications Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the FailOverHelperServlet servlet. The issue lies in the...
Cross site scripting
Cross-site scripting XSS vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename...
CVE-2015-0910
Cross-site scripting XSS vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename...