Docker Moby Design Vulnerability
Docker Moby is a framework for installing systems in containers. A security vulnerability in the 'DefaultLinuxSpec' function in the oci/defaults.go file in Docker Moby 17.03.2-ce and prior versions stems from the program failing to block /proc/scsi pathnames. An attacker could exploit this...
UBUNTU-CVE-2017-16539
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss when certain older Linux kernels are used by leveraging Docker container access to write a "scsi remove-single-device" line to...
Code injection
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php...
unADF Stack Buffer Overflow Vulnerability
unADF is a set of disk file dumping tools. A stack buffer overflow vulnerability exists in the 'extractTree' function in unADF. A remote attacker can exploit this vulnerability to execute arbitrary code via long pathnames...
Debian DSA-3676-1 : unadf - security update
Tuomas Rasanen discovered two vulnerabilities in unADF, a tool to extract files from an Amiga Disk File dump (.adf): - CVE-2016-1243 A stack-based buffer overflow in the function extractTree might allow an attacker, with control over the content of an ADF file, to execute arbitrary code with the...
Updated libarchive packages fix security vulnerability
The updated packages fix several security vulnerabilities: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with...
Mozilla Firefox Sensitive Information Disclosure Vulnerability (CNVD-2016-08176)
Mozilla Firefox is an open source web browser. A vulnerability in Mozilla Firefox's handling of drag-and-drop operations can be exploited by remote attackers to construct a malicious web page that can be parsed to obtain full-pathname information...
UBUNTU-CVE-2016-5279
Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code...
USN-3024-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu...
CVE-2016-0304
The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J...
DEBIAN-CVE-2016-1583
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling...
Code injection
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) t...
EMC Unisphere for VMAX vApp Manager Arbitrary File Write Vulnerability
EMC Unisphere for VMAX is a set of management interfaces for the VMAX storage family from EMC Corporation USA. An arbitrary file write vulnerability exists in the HTTP servlet in vApp Manager in EMC Unisphere for VMAX versions prior to 8.2.0, which can be exploited by a remote attacker to write...
Design/Logic Flaw
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...
CVE-2015-7934
The CVE-2015-7934 entry concerns the Adcon Telemetry A840 Telemetry Gateway Base Station’s Java client, where the Java client reveals the full pathname of log files on the server. The vulnerability is an information disclosure (log-file pathnames) that could be exploited remotely, with no client ...
CVE-2015-7934
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...
Apache Subversion Pathname Sensitive Information Disclosure Vulnerability
Apache Subversion is a free/open source version control system. Apache Subversion svn_repos_trace_node_locations has a security vulnerability that allows remote authenticated users to view pathnames hidden by authz...
Microsoft Internet Explorer Information Disclosure Vulnerability (CNVD-2015-04585)
Microsoft Internet Explorer (IE) is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A security vulnerability exists in Microsoft IE versions 10 through 11. The vulnerability can be exploited by remote attackers to re...
Cisco AnyConnect Secure Mobility Client Privilege Setting Vulnerability
The Cisco AnyConnect Secure Mobility Client is a suite of devices that enable remote users to securely connect to the Cisco ASA 5500 appliance via SSL VPN. A security vulnerability in the handling of pathnames in the Cisco AnyConnect Secure Mobility Client for Windows-based platforms allows a loc...
PHP 5.6.x < 5.6.9 Multiple Vulnerabilities
According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities: - Multiple unspecified flaws in pcrelib. (CVE-2015-2325, CVE-2015-2326) - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could...