474 matches found
DEBIAN-CVE-2015-1306
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors...
Multiple directory traversal vulnerability in ppmd
PPMd is a compression algorithm used by both 7zip and WinRAR compression software. PPMd suffers from multiple directory traversal vulnerabilities that could be exploited by a remote attacker to read arbitrary files within the context of an application...
Multiple Directory Traversal Vulnerability in ARJ
ARJ is an early compression format from the DOS era, the archive format used by the well-known DOS compression program arj.exe. There are multiple directory traversal vulnerabilities in ARJ, which allow a remote attacker to access or read arbitrary files containing sensitive...
CVE-2014-7823
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag...
DEBIAN-CVE-2014-7823
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag...
CVE-2014-7823
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag...
PYSEC-2014-45
ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors...
CVE-2013-5655
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI...
Rising OpenSSL (CVE-2014-0160) vulnerability analysis report - vulnerability warning - the black bar safety net
1. CVE-2014-0160 vulnerability background: On April 7, 2014, OpenSSL released a security bulletin stating that OpenSSL 1.0.1 contains a serious vulnerability, CVE-2014-0160. There is a bug in the OpenSSL Heartbleed module; the problem exists in the ssl/d1_both.c file in the heartbeat...
qemu: job usage issue in several APIs leading to libvirtd crash
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service libvirtd...
DEBIAN-CVE-2013-6458
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service libvirtd...
CVE-2013-0080
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."...
JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
CVE-2011-5127
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request...
jakarta-commons-daemon: jsvc does not drop capabilities allowing access to files and directories owned by the superuser
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for...
PHP-NUKE Remote read config Vulnerability
Exploit for php platform in category web applications. Exploit Title: PHP-NUKE remote read config Vulnerability. Date: 6/6/2011. Author: Angel Injection. Home Page: http://www.club-h.co.cc. Email: Angel-Injectionathotmail.com. Vendor or Software Link: http://phpnuke.org. Version: n/a. Category: webapps...
CVE-2011-1647
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified...
CVE-2011-1673
BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file...
Kleeja Upload Script remote read config Vulnerability
Exploit for php platform in category web applications. Kleeja Upload Script remote read config Vulnerability. Author: ali.erroor. Contact: [email protected]. HomePage:...
libpng: Interlaced Images Information Disclosure Vulnerability
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in t...