U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website

A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generale...

MS13-082: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: October 8, 2013

MS13-082: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: October 8, 2013 View products that this article applies to. Introduction This update resolves a vulnerability in the Microsoft .NET Framework that could...

Finecms Enterprise Edition Has Arbitrary File Download Vulnerability

FineCMS is a content management system based on PHP+MySql. An arbitrary file download vulnerability exists in Finecms Enterprise Edition. An attacker can exploit the vulnerability to directly download website configuration information or system files...

CVE-2016-6852

Open-Xchange OX App Suite is affected by CVE-2016-6852. The vulnerability exists in versions prior to 7.8.2-rev8 and arises from allowing users to supply local file paths to the RSS reader. The response and error handling can reveal whether a given path exists, enabling attackers to enumerate spe...

Earcms down.php suffers from arbitrary file download vulnerability

Ear Music Ear Music is an interface using Discuz backend style and UCHome user center style combined with the core by the high-speed template engine and caching mechanism and other frameworks coexist PHP open source music system. Earcms down.php arbitrary file download vulnerability. Allow...

Microsoft Authorization Manager 6.1.7601 - azman XML External Entity Injection

Microsoft Authorization Manager 6.1.7601 - azman XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-AZMAN-XXE-FILE-EXFILTRATION.txt + ISR: ApparitionSec Vendor: ==================...

earcms audio.php has an arbitrary file download vulnerability

Ear Music Ear Music is an interface using Discuz background style and UCHome user center style combined with the core by the high-speed template engine and caching mechanism and other frameworks coexist PHP open source music system. earcms audio.php arbitrary file download vulnerability. Allow...

Ear Music (Ear Music) download.php has an arbitrary file download vulnerability

Ear Music Ear Music is an interface using Discuz background style and UCHome user center style combined with the core by the high-speed template engine and caching mechanism and other frameworks coexist PHP open source music system. Ear Music Ear Music download.php arbitrary file download...

U.S. Dept Of Defense: Unrestricted File Download / Path Traversal

A misconfigured USTRANSCOM website allowed arbitrary system files to be downloaded. ziot was able to demonstrate this vulnerability by downloading a file from a specially crafted URL. Thanks ziot!...

Teradata Studio Express 15.12.00.00 Race Condition Vulnerability

Exploit for linux platform in category local exploits Title: /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall Author: Larry W. Cashdollar, @larry0 Date: 2016-10-03 Download Site: http://downloads.teradata.com/download/tools/teradata-studio-express Vendor: Teradata...

Cisco IOS XE Software Directory Traversal Vulnerability

A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced source...

CA Unified Infrastructure Management download_lar Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information from vulnerable installations of CA Unified Infrastructure Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the downloadlar servlet. The servlet is...

Tomcat service local mention the right vulnerability alerts-a vulnerability alert-the black bar safety net

Tomcat is by Apache Software Foundation subordinate's Jakarta a project development Servlet vessel, in accordance with Sun Microsystems to provide the technical specifications, the realization of the Servlet and JavaServer Page（JSP）support, and provides as aWeb serversome unique functions, like...

docker2aci directory traversal vulnerability

docker2aci is a set of tools for converting Docker images into ACIs format. A directory traversal vulnerability exists in docker2aci that allows remote attackers to submit a directory traversal request to read arbitrary system files...

CVE-2016-5700

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the...

CVE-2016-5700

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the...

Multiple Vulnerabilities in Trend Micro Smart Protection Server

Trend Micro Smart Protection Server is a server that provides smart protection. Trend Micro Smart Protection Server has multiple security vulnerabilities that can be exploited by remote attackers to submit a special request to view arbitrary system files, execute arbitrary code, and gain privileg...

Exponent CMS Local File Inclusion Vulnerability

Exponent CMS is a free, open source, modular PHP-based content management system. Exponent CMS suffers from a local file inclusion vulnerability that allows remote attackers to submit a specially crafted request to view the contents of system files with WEB privileges...

Arbitrary File Download Vulnerability in Wando OA Professional Edition

Wando OA Professional is a comprehensive office system that combines the functions of collaboration software, portal, ERP, CRM, HR, finance, e-mail and video conferencing. The product has an arbitrary file download vulnerability, which can be exploited by an attacker to download any system file,...

NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)

Exploit for bsd platform in category local exploits // Source: http://akat1.pl/?id=2 include include include include include include include include define ATRUNPATH "/usr/libexec/atrun" define MAILDIR "/var/mail" static int overwriteatrunvoid char script = "! /bin/sh\n" "cp /bin/ksh /tmp/ksh\n"...