390 matches found
PHP 5.5.x < 5.5.25 Multiple Vulnerabilities
According to its banner, the version of PHP 5.5.x running on the remote web server is prior to 5.5.25. It is, therefore, affected by multiple vulnerabilities: - A flaw in the phar_parse_tarfile function in ext/phar/tar.c could allow a denial of service via a crafted entry in a tar archive...
Unspecified Vulnerability in Apple OS X Server Firewall Component
Apple OS X Server is a suite of Unix-based server operating software from the U.S. company Apple. The software enables file sharing, meeting scheduling, web hosting, network remote access, etc. Firewall is one of its firewall components. A security vulnerability exists in the Firewall compone...
DEBIAN-CVE-2015-2304
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive...
openSUSE: Security Advisory for bash (openSUSE-SU-2014:1226-1)
The remote host is missing an update for the...
bash: security and bugfix update (critical)
bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)
bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
CVE-2014-2377
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag...
Code injection
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag...
CVE-2014-2377 Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag...
CVE-2014-5120
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...
CVE-2014-1816
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted w...
Design/Logic Flaw
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted w...
CVE-2014-1816
Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly restrict the information transmitted by Internet Explorer during a download action, which allows remote attackers to discover (1) full pathnames on the client system and (2) local usernames embedded in these pathnames via a crafted w...
Command injection
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133...
CVE-2014-1726
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
UBUNTU-CVE-2014-1726
The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access...
CVE-2014-1726
Removed by vendor...
CVE-2013-7331
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild ...
CVE-2013-7331
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild ...
CVE-2013-6660
The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site...