CVE-2017-9640
A Path Traversal issue was discovered in Automated Logic Corporation ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...
ALC WebCTRL i-Vu/SiteScan Web Path Traversal Vulnerability
ALC WebCTRL is a building automation platform. A security vulnerability exists in ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior versions that allows an authenticated user to overwrite files used to execute code...
Directory Traversal
mixlib-archive is vulnerable to directory traversal attacks. Attackers can overwrite other files by using .. in tar archive entries...
CVE-2017-1000026
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries...
Octopus Deploy PackageId Value Directory Traversal Vulnerability
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in version 3.x of Octopus Deploy prior to 3.15.4. An attacker can exploit this vulnerability by uploading maliciously crafted NuGet packages to overwrite other...
CVE-2017-1105
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668...
RubyGems: Installing a crafted gem package may create or overwrite files
There is no check for the name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file outside the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...
CVE-2017-6690
A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected...
CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux
Contents: Analysis, Exploitation, Example, Acknowledgments. Analysis...
USN-3304-1 sudo vulnerability
It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions...
Unspecified vulnerability in Perltidy
perlcritic is a Perl source code analyzer; check-all-the-things is code error-checking software. perltidy is a Perl code organization tool developed by software developer Steve Hancock. A security vulnerability exists in Perltidy 20160302 and earlier versions used in...
CVE-2016-10374
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as...
DEBIAN-CVE-2016-10374
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as...
UBUNTU-CVE-2017-8921
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan XML. A resource such as a malicious third-party aircraft could exploit this to damage files belonging to...
USN-3215-1: Munin vulnerability
It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user...
AttacheCase vulnerable to directory traversal
Overview AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains a directory traversal vulnerability CWE-22 due to a flaw in processing filenames in ATC files. Kazuki Furukawa reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Fedora 25 : FlightGear (2016-01eba63bcc)
This update fixes a security problem, where the route manager can potentially overwrite arbitrary files. CVE-2016-9956. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
DEBIAN-CVE-2016-4323
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image...