412 matches found
Debian: Security Advisory (DSA-3218-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple Vulnerabilities in UberFire Framework
UberFire Framework is a rich client platform architecture software. The software supports high-availability deployments. An arbitrary code execution and file read vulnerability exists in UberFire Framework version 0.3.x, which stems from the program failing to properly restrict paths. A remote...
CVE-2014-8114
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...
CVE-2014-8114
The CVE-2014-8114 entry affects the UberFire Framework 0.3.x and is caused by inadequate path restriction in the framework’s FileUploadServlet/FileDownloadServlet handling. This leads to two disclosed risks: (1) remote code execution by uploading crafted content to FileUploadServlet and (2) arbit...
CVE-2013-3426
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810...
Microsoft Windows Multiple COM Binary Planting Vulnerabilities (MS11-076; CVE-2011-1991; CVE-2011-2009)
The vulnerabilities are due to the way Windows COM servers improperly restrict the paths used when loading external libraries. A remote attacker may exploit these vulnerabilities by enticing an unsuspecting user to open a specially crafted file from a WebDAV or an SMB shareSuccessful exploitation...
Debian Security Advisory DSA 459-1 (kdelibs, kdelibs-crypto)
The remote host is missing an update to kdelibs, kdelibs-crypto announced via advisory DSA 459-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
CVE-2006-6383
PHP 5.2.0 and 4.4 allows local users to bypass safemode and openbasedir restrictions via a malicious path and a null byte before a ";" in a sessionsavepath argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.savepath...
PT-2004-1119 · Unarj · Unarj
Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:022)
Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory : 'The cookie specifications detail a path argument that can be used ...
Apple Safari 1.x - Cookie Directory Traversal
source: https://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded URI content, this may make it possible for an...
eeye.web.interfaces.txt
Date: Wed, 26 May 1999 06:58:27 -0000 From: Marc To: [email protected] Subject: Multiple Web Interface Security Holes Multiple Web Interface Security Holes Systems Affected CMail 2.3 FTGate 2,1,2,1 NTMail 4.20 Release Date May 26, 1999 Advisory Code AD05261999 Description: The following holes...