8765 matches found
Path traversal
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile...
UBUNTU-CVE-2014-9683
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename...
CVE-2011-4720
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation...
Hardcoded credentials
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation...
CVE-2014-9373
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename...
CVE-2014-9372
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename...
CVE-2014-8608
The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$"...
ManageEngine Password Manager Pro UploadAccountActivities filename Directory Traversal Denial of Service Vulnerability
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of ManageEngine Password Manager Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadAccountActivities servlet. The issue lies in...
Buffer overflow
Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6)...
CVE-2014-9263
Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartScheduledRecord, (4) SetDisplayText, (5) GetONVIFDeviceInformation, (6)...
CVE-2014-8990
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...
Code injection
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...
UBUNTU-CVE-2014-8990
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...
Directory traversal
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter...
CVE-2014-5284
CVE-2014-5284 affects OSSEC prior to 2.8.1, where host-deny.sh writes to temporary files with predictable filenames without ownership verification. This can allow a local attacker to modify hosts.deny and gain root privileges by pre-creating temp files before automatic IP blocking occurs. The vul...
CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
DEBIAN-CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
UBUNTU-CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename...