528 matches found

Tenable Nessus
added 2019/11/08 12:0 a.m. · 22 views

Rockwellautomation Controllogix Improper Link Resolution Before File Access ('Link Following')

Open redirect vulnerability in the web interface in the Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. File data ot500183.nasl...

CVSS 6.8 · AI score 5.2 · EPSS 0.00217
Exploits 0 · References 6

Veracode
added 2019/05/16 3:1 a.m. · 22 views

Privilege Escalation

zsh is vulnerable to privilege escalation attacks. A local, unprivileged attacker can create a specially crafted directory path leading to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path which leads to a privilege escalation...

CVSS 9.8 · AI score 9.5 · EPSS 0.00396
Exploits 0 · References 9 · Affected Software 1

Positive Technologies
added 2019/04/03 12:0 a.m. · 1 views

PT-2019-2860

Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 4.4.2; node-tar version 2.2.2 is not affected, but versions prior to 2.2.2 are affected. Description: The issue is related to incorrect link resolution before file access in the node-tar module of the Node.js library...

CVSS 10 · AI score 7.4 · EPSS 0.00719
Exploits 1 · References 15

Tenable Nessus
added 2018/11/16 12:0 a.m. · 37 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3824-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3824-1 advisory. It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibl...

CVSS 8.3 · AI score 7.1 · EPSS 0.00589
Exploits 2 · References 6

Positive Technologies
added 2018/10/31 12:0 a.m. · 3 views

PT-2018-3935 · Red Hat +1 · Glusterfs +1

Name of the Vulnerable Software and Affected Versions: GlusterFS affected versions not specified Description: The issue is related to an incorrect link resolution in the file system, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. Recommendation...

CVSS 9 · AI score 7.5 · EPSS 0.10782
Exploits 1 · References 72

RedHat Linux
added 2018/06/19 5:19 a.m. · 1 views

zsh: buffer overflow when scanning very long directory paths for symbolic links

A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do symbolic link resolution in the aforementioned path. An attacker could exploi...

CVSS 9.8 · AI score 6 · EPSS 0.0036
Exploits 0 · References 4

GitLab Advisory Database
added 2018/01/10 12:0 a.m. · 17 views

Improper Link Resolution Before File Access ('Link Following')

lib/vlad/dba/mysql.rb in the VladTheEnterprising gem for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.targethost...

CVSS 5.5 · AI score 5.5 · EPSS 0.00059
Exploits 0 · References 6 · Affected Software 1

seebug.org
added 2017/11/08 12:0 a.m. · 35 views

Circle with Disney Configuration Restore Photos File Overwrite Vulnerability (CVE-2017-2916)

Summary: An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Circ...

AI score 8.9 · EPSS 0.00479
Exploits 2