1458 matches found
didjvu and pdf2djvu Insecure Temporary File Creation Vulnerability
didjvu is a Python module that uses the Gamera framework to separate foreground and background layers and then encodes them into a DjVu file. pdf2djvu is a command-line tool for converting between the DjVu and PDF formats. didjvu and pdf2djvu contain a security...
Logstash 1.4.2 Directory Traversal Vulnerability
Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the server running Logstash. Summary: Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the...
QEMU 'net/slirp.c' Insecure Temporary File Creation Vulnerability
QEMU is an open source emulator. In QEMU version 2.3.0, a security vulnerability exists in the implementation of /net/slirp.c, which can be exploited by an attacker with local access rights to perform a symbolic link attack and overwrite arbitrary files in the context of the affected...
FUSE Local Elevation of Privilege Vulnerability
FUSE - Filesystem in Userspace, a Linux module for mounting certain network spaces, such as SSH, to the local filesystem, can be found on SourceForge. FUSE suffers from a local elevation of privilege vulnerability. A local attacker can exploit this vulnerability to overwrite arbitrary files using...
OpenJDK: jar directory traversal issues (Tools, 8064601)
A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...
jar: directory traversal vulnerability
A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted...
kexec-tools: insecure use of /tmp/*$$* filenames
It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files...
Google Android adb backup 'server/BackupManagerService.java' directory traversal vulnerability
Android is a mobile operating system based on the open Linux kernel, announced by Google Inc. on November 5, 2007. ADB creates a backup of your Android device that exists on your computer. Google Android adb backup has a directory traversal vulnerability in its...
ppc64-diag: multiple temporary file races
Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or...
GLSA-201502-11 : GNU cpio: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201502-11 (GNU cpio: Multiple vulnerabilities). Two vulnerabilities have been discovered in GNU cpio: The listfile function in GNU cpio contains a heap-based buffer overflow vulnerability (CVE-2014-9112). A directory traversal...
SYNCK GRAPHICA Download Log CGI Directory Traversal Vulnerability
A directory traversal vulnerability in the SYNCK GRAPHICA Download Log CGI allows remote attackers to overwrite arbitrary files in an application context using a directory traversal sequence with a specially crafted request '... /' to overwrite arbitrary files in the context of an application...
LabTech Insecure File Permissions Vulnerability
LabTech is an international company specializing in providing analytical chemistry laboratories with solutions ranging from sample pre-treatment to analytical testing for food safety, environmental testing, disease control and materials analysis. LabTech has an insecure file permission vulnerability that can ...
jenkins: command line interface job creation directory traversal (SECURITY-108)
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...
USN-2370-1 apt vulnerability
Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions...
USN-2370-1: APT vulnerability
Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions...
CVE-2014-5120
gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...
CVE-2014-1973
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename...
HP-UX 11.00/10.20 crontab Overwrite Files Exploit
No description provided by source. !/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho [email protected] Usage : ./crontab.sh distfile if -z $1 then echo Usage : $0 distfile exit fi cat EOF /tmp/crontabexp !/bin/sh ln -sf $1 $1 EOF chmod 755 /tmp/crontabexp EDITOR=/tmp/crontabexp export EDITOR...