2184 matches found
MySQL 3.20.32 a/3.23.34 Root Operation Symbolic Link File Overwriting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2522/info MySQL is a relational database management system (RDBMS), freely available and open source. It is maintained by MySQL AB. A problem with the implementation of some MySQL databases may permit local users to overwri...
Serv-U 2.4/2.5 FTP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2052/info FTP Serv-U is an internet FTP server from CatSoft. Authenticated users can gain access to the ftproot of the drive where Serv-U FTP has been installed. Users that have read, write, execute and list access in the...
File Sharing for Net 1.5 - Directory Traversal File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8513/info File Sharing for Net is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing to parse...
Linux System Files Information Disclosure (CVE-2018-10823; CVE-2018-3948)
Linux operating system contains system files with sensitive information. If not properly configured, remote attackers can view the information on such files...
FD - Cobbler Arbitrary File Read CVE-2014-3225
Vulnerability title: Arbitrary file read CVE: CVE-2014-3225 Vendor: Cobbler Product: Cobbler Affected version: =2.6.0 Fixed version: N/A Reported by: Dolev Farhi ---------------------------- VULNERABILITY Details: ---------------------------- In all Cobbler versions = 2.6.0 an arbitrary system...
ElasticSearch - Remote Code Execution
function esinject var readfile; var writefile; readfile = functionfilename return "import java.util.;\nimport java.io.;\nnew Scannernew File"" + filename + "".useDelimiter"\\Z".next;"; ; writefile =...
Xangati software release contains relative path traversal and command injection vulnerabilities
Overview Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities. Description Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities. CWE-23: Relative Path Traversal - CVE-2014-0358 The...
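CA ERwin Web Portal Directory Traversal Vulnerability
Bugtraq ID:66644 CVE ID:CVE-2014-2210 CA ERwin Web Portal is the new web-based interface for CA ERwin. CA ERwin Web Portal contains multiple directory traversal vulnerabilities that allow remote attackers to submit requests and view the contents of system files with the privileges of the web server. 0 CA ERwin Web Portal 9.5 The vendor has released an upgrade patch that fixes the vulnerabilities; download and apply it: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=7F968A14-7407-4BCF-9EB1-EFE9F0E6D663...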
SAP NetWeaver - SMB Relay
Application: SAP Vendor URL: http://www.sap.com Bugs: Security Bypass, Directory Traversal, SMB Relay Exploits: YES Reported: 01.07.2014 Vendor response: 02.07.2014 Date of Public Advisory: 15.12.2014 Reference: SAP Security Note 2056333 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...
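eduTrac Directory Traversal Vulnerability
Bugtraq ID:64255 eduTrac is an open-source student information management system. eduTrac contains an unspecified directory traversal vulnerability that allows remote attackers to submit specially crafted requests and view the contents of system files. 0 eduTrac 1.1.1-Stable eduTrac version 1.1.2 fixes this vulnerability; users are advised to download and use it: http://sourceforge.net/projects/edutrac/...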
IT-Grundschutz M4.135: Restrictive Assignment of Access Rights to System Files
IT-Grundschutz M4.135: Restrictive assignment of access rights to system files. WARNING: This test is no longer supported. It has been replaced by the corresponding test, which is now permanently adapted to the current EL: OID 1.3.6.1.4.1.25623.1.0.94215 Status: 13th supplementary delivery 1...
Alienvault Open Source SIEM (OSSIM) - Timestamp Directory Traversal
Alienvault Open Source SIEM OSSIM - Timestamp Directory Traversal source: https://www.securityfocus.com/bid/62899/info Open Source SIEM OSSIM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker ...
Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Directory Traversal
source: https://www.securityfocus.com/bid/62899/info Open Source SIEM OSSIM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested ma...
Telnet-Ftp Server Directory Traversal Vulnerability
The host is running Telnet-Ftp server and is prone to directory traversal vulnerabilities. OpenVAS Vulnerability Test $Id: gbtelnetftpserverdirtravvun.nasl 6086 2017-05-09 09:03:30Z teissa $ Telnet-Ftp Server Directory Traversal Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2013...
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8647)
The following security issues have been fixed : - bnc828020: o Integer overflow in SdnToJewish. CVE-2013-4635 - bnc807707: o reading system files via untrusted SOAP input o soap.wsdl_cache_dir function did not honour PHP open_basedir. CVE-2013-1635 / CVE-2013-1643 - bnc829207: o heap corruption due ...
CVE-2013-3429
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager VSM before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the CiscoVSBWT aka Broadware sample code package, aka Bug ID CSCsv37163...
Directory traversal
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager VSM before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the CiscoVSBWT aka Broadware sample code package, aka Bug ID CSCsv37163...
Novell ZENworks Mobile Management MDM.php Language Parameter Vulnerability
Added: 06/15/2013 CVE: CVE-2013-1081 BID: 58402 OSVDB: 91119 Background ZENworks Mobile Management ZMM offers centralized management tools that are useful for deploying new mobile devices in the workforce, whether those devices are company-issued or privately owned. ZMM ensures that users have th...
WordPress Advanced XML Reader 0.3.4 XXE Injection
The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE XML eXternal Entity processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C:\ named "test.txt", which...
Cisco Prime Central for Hosted Collaboration Solution Directory Traversal Vulnerability
A vulnerability in Cisco Prime Central for Hosted Collaboration Solution could allow an unauthenticated, remote attacker to view system files. The vulnerability is due to insufficient path traversal prevention. An attacker could exploit this vulnerability by submitting a crafted URL. An exploit...