1458 matches found
Pillow: Multiple vulnerabilities
Background The friendly PIL fork. Description Multiple vulnerabilities have been discovered in Pillow. Please review the CVE identifiers referenced below for details. Impact A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the...
Apple TV < 10.0.1 Multiple Vulnerabilities
According to its banner, the version of Apple TV on the remote device is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in WebKit when handling the location attribute that allows an unauthenticated, remote attacker to bypass the cross-origin policies and...
Malware Information Sharing Platform Insecure Temporary File Creation Vulnerability
The Malware Information Sharing Platform MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and analyzing cybersecurity events and malware. A security vulnerability exists in the app/Controller/TemplatesController.php file in MISP...
USN-3042-1 kde4libs vulnerability
Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory...
Debian DSA-3620-1 : pidgin - security update
Yves Younan of Cisco Talos discovered several vulnerabilities in the MXit protocol support in pidgin, a multi-protocol instant messaging client. A remote attacker can take advantage of these flaws to cause a denial of service application crash, overwrite files, information disclosure, or...
Debian: Security Advisory (DSA-3620-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-4323
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image...
GLSA-201603-04 : FUSE: incorrect filtering of environment variables leading to privilege escalation
The remote host is affected by the vulnerability described in GLSA-201603-04 FUSE: incorrect filtering of environment variables leading to privilege escalation The fusermount binary calls setuidgeteuid to reset the RUID when it invokes /bin/mount so that it can use privileged mount options that a...
CVE-2005-2991
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using 1 zdiff or 2 zcmp, a different vulnerability than CVE-2004-0970...
CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in the 1 install-as attribute in the file element in package.xml 1.0 or the 2 as attribute in the install element in package.xm...
CVE-2009-5079
The 1 gendef.sh, 2 doc/fixinfo.sh, and 3 contrib/gdiffmk/tests/runtests.in scripts in GNU troff aka groff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro.tmp or /tmp/ temporary file...
CVE-2004-1377
The 1 fixps aka fixps.in and 2 psmandup aka psmandup.in scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2004-1296
The 1 eqn2graph and 2 pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...
Ubuntu 14.04 LTS : NTP vulnerabilities (USN-2783-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2783-1 advisory. Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker...
Multiple FireEye Product 'extract_ar.py' Directory Traversal Vulnerabilities
FireEye is a well-known American cybersecurity company. A directory traversal vulnerability exists in the implementation of multiple FireEye products. A remote attacker could exploit this vulnerability to create or overwrite arbitrary files in the user's context...
CVE-2013-0261
1 installer/basedefs.py and 2 modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
Updated libvdpau packages fix security vulnerabilities
Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files CVE-2015-5198...
ppc64-diag: multiple temporary file races
Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or...
GNU patch directory traversal vulnerability
GNU patch is a part of the GNU project that updates the original file to the patched version. GNU patch suffers from a directory traversal vulnerability due to the program failing to adequately filter user-supplied input. A remote attacker is allowed to exploit this vulnerability by traversing a...
SQL Buddy 'page' Parameter Directory Traversal Vulnerability
SQL Buddy is a nice lightweight ajax database management tool. A directory traversal vulnerability exists in SQL Buddy. A remote attacker can exploit this vulnerability by sending a specially crafted request with the directory traversal character '...' A remote attacker can exploit this...