8765 matches found
UBUNTU-CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
CVE-2014-8960
Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
OracleVM 2.1 : kernel (OVMSA-2009-0009)
The remote OracleVM system is missing necessary patches to address critical security updates: CVE-2008-4307 Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC...
CVE-2014-8678
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."...
Design/Logic Flaw
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."...
CVE-2014-8678
Summary: CVE-2014-8678 affects ManageEngine OpUtils (ConfigSaveServlet) prior to build 71024. The vulnerability allows an unauthenticated remote attacker to disclose files by supplying a crafted filename, related to the saveFile handling. Root cause: improper sanitization/validation of the filena...
ManageEngine OpUtils ConfigSaveServlet saveFile Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose files on vulnerable installations of ManageEngine OpUtils. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ConfigSaveServlet servlet. The issue lies in the failure to properly...
CVE-2014-6622
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors...
CVE-2014-6622
CVE-2014-6622 affects Aruba Networks ClearPass prior to 6.3.6 and 6.4.x prior to 6.4.1. The issue allows remote attackers to determine the validity of filenames through unspecified vectors, implying potential information exposure (confidentiality impact noted as partial). The sources describe the...
tnftp "savefile" Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...
Directory traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate...
CVE-2014-5006
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader...
CVE-2014-5006
CVE-2014-5006 affects ManageEngine Desktop Central/DC before 9 build 90055. A directory traversal in the mdmLogUploader servlet via a .. in the fileName parameter enables remote code execution. Affected component: mdmLogUploader handling in Desktop Central. Impact: arbitrary code execution on aff...
CVE-2014-4434
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem...
Null pointer dereference
The kernel in Apple OS X before 10.10 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted filename on an HFS filesystem...
CVE-2014-2044
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename...
Design/Logic Flaw
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename...
CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...