
1458 matches found

Cvelist
added 2018/01/23 1:0 a.m. · 14 views

CVE-2017-16605

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

6.6 AI score · 0.01726 EPSS
Exploits 0 · References 2

CNVD
added 2018/01/23 12:0 a.m. · 1 view

NetGain Enterprise Manager Arbitrary File Overwrite Vulnerability

NetGain Enterprise Manager is a suite of IT asset monitoring and management software from NetGain Systems, Singapore. A directory traversal vulnerability exists in the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet in NetGain Enterprise Manager, which stems...

6.5 CVSS · 7 AI score · 0.02183 EPSS
Exploits 0 · References 1

CNVD
added 2017/12/19 12:0 a.m. · 2 views

Trend Micro ScanMail for Exchange Security Restriction Bypass Vulnerability (CNVD-2018-01122)

Trend Micro ScanMail for Exchange is a mail firewall solution developed and maintained by Trend Micro that is designed to protect Exchange mail servers from viruses, spyware and spam threats. A security vulnerability exists in Trend Micro ScanMail for Exchange version 12.0. The vulnerability can ...

7.6 CVSS · 6.8 AI score · 0.00254 EPSS
Exploits 1 · References 1

Prion
added 2017/12/16 2:29 a.m. · 13 views

Directory traversal

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory...

7.6 CVSS · 7.6 AI score · 0.00254 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2017/11/22 7:29 p.m. · 1 view

CVE-2017-8189

FusionSphere OpenStack V100R006C00SPC102NFV has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal...

6 CVSS · 5.8 AI score
Exploits 0 · References 1

Debian CVE
added 2017/11/13 9:0 a.m. · 15 views

CVE-2017-8806

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL and other packages related to Debian and Ubuntu, handled symbolic links insecurely, which could result in local denial of service by...

5.5 CVSS · 6.4 AI score · 0.00128 EPSS
Exploits 0

Positive Technologies
added 2017/11/09 12:0 a.m. · 1 view

PT-2017-3927 · Postgresql +1 · Postgresql-Common +1

Name of the Vulnerable Software and Affected Versions: postgresql-common versions prior to 181+deb9u1
Description: The issue is related to the incorrect handling of symbolic links by the pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts in the postgresql-common package for PostgreSQL...

7.8 CVSS · 6.1 AI score · 0.00128 EPSS
Exploits 0 · References 26

OSV
added 2017/11/07 4:29 p.m. · 2 views

CVE-2017-2882

An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to...

8.1 CVSS · 5.9 AI score · 0.01196 EPSS
Exploits 2 · References 1

OSV
added 2017/10/23 6:29 p.m. · 0 views

DEBIAN-CVE-2011-2684

foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze creates temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs...

5.5 CVSS · 6.7 AI score · 0.00069 EPSS
Exploits 0 · References 1

CNVD
added 2017/10/18 12:0 a.m. · 1 view

Skybox Manager Client Application File Upload Vulnerability

Skybox Manager Client Application is a client-side management application of a network security risk analysis tool from Skybox Security, USA. An arbitrary file upload vulnerability exists in Skybox Manager Client Application versions prior to 8.5.501, where the program fails to adequately validat...

5.5 CVSS · 5.6 AI score · 0.00124 EPSS
Exploits 0 · References 1

CNVD
added 2017/10/11 12:0 a.m. · 3 views

Microsoft Windows Update Delivery Optimization Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Windows Update Delivery Optimization in Microsoft Windows, which originates when the program fails to enforce file sharing permissions. A local attacker...

5.5 CVSS · 7 AI score · 0.02283 EPSS
Exploits 0 · References 1

CNVD
added 2017/10/11 12:0 a.m. · 1 view

IBM Spectrum Protect Insecure Temporary File Vulnerability

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, is a suite of data protection platforms from U.S.-based IBM that provides organizations with a single point of control and management, and support for backup and recovery of virtual, physical and cloud environments of all sizes. An...

5.5 CVSS · 5.6 AI score · 0.00103 EPSS
Exploits 0 · References 1

CNVD
added 2017/10/10 12:0 a.m. · 2 views

Docker Temporary File Creation Vulnerability

Docker is an open source application container engine from Docker Inc. in the United States, which supports creating containers (lightweight virtual machines) and deploying and running applications on Linux systems, as well as automated installation, deployment and upgrading of applications...

7.8 CVSS · 7.4 AI score · 0.00106 EPSS
Exploits 0 · References 1

NVD
added 2017/10/03 1:29 a.m. · 9 views

CVE-2017-14771

Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied file paths when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary fi...

5.5 CVSS · 5.5 AI score · 0.00124 EPSS
Exploits 0 · References 2

Cvelist
added 2017/10/02 9:0 p.m. · 14 views

CVE-2017-14771

Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied file paths when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary fi...

5.5 AI score · 0.00124 EPSS
Exploits 0 · References 2

NVD
added 2017/09/21 9:29 p.m. · 24 views

CVE-2017-7549

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

6.4 CVSS · 6.2 AI score · 0.00079 EPSS
Exploits 0 · References 7

OSV
added 2017/09/12 9:29 p.m. · 1 view

CVE-2017-1452

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180...

7.8 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits 0 · References 4

RedHat Linux
added 2017/09/12 5:9 p.m. · 4 views

instack-undercloud: uses hardcoded /tmp paths

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...

6.4 CVSS · 5.8 AI score · 0.00079 EPSS
Exploits 0 · References 4

RedHat Linux
added 2017/08/30 1:47 p.m. · 5 views

instack-undercloud: uses hardcoded /tmp paths

A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files...

6.4 CVSS · 5.8 AI score · 0.00079 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2017/08/25 7:29 p.m. · 1 view

CVE-2017-9640

A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...

6.5 CVSS · 5.7 AI score · 0.05996 EPSS
Exploits 5 · References 4