81 matches found
CVE-2019-13157
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within nsz archive...
Arbitrary Program Override Vulnerability in DCCE MAC1100 PLCs
MAC1100 PLC is a programmable logic controller manufactured by Dalian Polytechnic Computer Control Engineering Co. DCCE MAC1100 PLC has an arbitrary program overwrite vulnerability. The vulnerability stems from the MAC1100 PLC programmable logic controller to download the program to the PLC did n...
CVE-2017-16600
This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
Cisco Prime Collaboration Provisioning Tool Arbitrary File Overwrite Vulnerability
Cisco Prime Collaboration Provisioning Tool is a set of Web-based, next-generation communications services tools from Cisco. The tool provides IP communication services capabilities for IP telephony, voice mail and unified communications environments. A security vulnerability exists in the batch...
Cisco ASR 5000 Series Aggregated Services Routers StarOS Arbitrary File Write Vulnerability
Cisco ASR 5000 Series Aggregated Services Routers are the ASR 5000 Series Aggregated Services Router products from Cisco. StarOS is the set of operating systems that run on them. An arbitrary file write vulnerability exists in StarOS in Cisco ASR 5000 Series Aggregated Services Routers version...
USN-3215-2 munin regression
USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a regression leading to errors being appended to the log file. This update fixes the problem. Original advisory details: It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to...
CVE-2017-5630
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...
ntp: config command can be used to set the pidfile and drift file paths
It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process immediately or the current estimated drift of the...
Joyent Node.js tar Sensitive Information Disclosure Vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in the Joyent Node.js tar allows remote attackers to overwrite and extract targets outside of a specific directory via a symbolic link attack...
F-Secure Multiple Products ActiveX SEH Overwrite Vulnerability (Heap Spray)
No description provided by source. Exploit Title: F-Secure Multiple Products ActiveX Remote SEH Overwrite Vulnerability (Heap Spray) Discovered Date: 24/05/2011 Author: 41.w4r10r Version: Multiple Tested on: Windows XP SP2 Eng, IE 6,7,8 Exploit-DB Notes: moved to 'local' since you have to run it as...
CVE-2013-5648
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with a / (slash) or \ (backslash) in a DDOC file...
libpng: buffer overwrite in png_rgb_to_gray
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and...
PT-2010-1023 · Debian · Lintian
Name of the Vulnerable Software and Affected Versions: Lintian versions 1.23.x through 1.23.28; Lintian versions 1.24.x through 1.24.2.1; Lintian versions 2.x before 2.3.2. Description: Multiple directory traversal vulnerabilities allow remote attackers to overwrite arbitrary files or obtain sensiti...
Kolibri+ Web Server 2 - GET Remote Overwrite (SEH)
Kolibri+ Web Server 2 - GET Remote Overwrite SEH #!/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146...
Kolibri+ Web Server 2 - GET Remote Overwrite (SEH)
#!/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146 8080 Kolibri+ Webserver 2 SEH Overwrite Written by...
Amaya Web Editor 11 - Remote Overwrite (SEH)
Amaya Web Editor 11 - Remote Overwrite SEH #!/usr/bin/perl Title: Amaya Web Editor 11 Remote SEH Overwrite Exploit Summary: Amaya is a Web editor, i.e. a tool used to create and update documents directly on the Web. Product web page: http://www.w3.org/Amaya/ Tested on Microsoft Windows XP...
Amaya Web Editor 11 - Remote Overwrite (SEH)
#!/usr/bin/perl Title: Amaya Web Editor 11 Remote SEH Overwrite Exploit Summary: Amaya is a Web editor, i.e. a tool used to create and update documents directly on the Web. Product web page: http://www.w3.org/Amaya/ Tested on Microsoft Windows XP Professional SP2 English Reference:...
CVE-2008-3910
dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact...
Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)
0 strUID = arrStringi objPOP3.MoveToFolder strUID ' ---------------- bof ... By attaching olly to the w3wp.exe sub-process you will see the usual dump with ecx and eip owned, with a buffer of approximately 13000 chars. Exploitation is post-auth...
Code injection
The NNSTAT aka SYSPROC.NNSTAT procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter...