
2184 matches found

OpenVAS
added 2013/03/20 12:0 a.m., 22 views

EverFocus Multiple Devices Directory Traversal (Mar 2013) - Active Check

Multiple EverFocus devices are prone to a directory traversal vulnerability.

5.8 AI score
Exploits: 0, References: 1
OpenVAS
added 2013/03/05 12:0 a.m., 46 views

Debian Security Advisory DSA 2639-1 (php5 - several vulnerabilities)

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files...

7.5 CVSS, 0.3 AI score, 0.10136 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2013/01/30 12:0 a.m., 26 views

AIX 5.3 TL 0 : libc (IZ50500)

There is a race condition in the MALLOCDEBUG debugging component of the malloc subsystem in the library libc.a. A local user can exploit this race condition when executing setuid root programs and thereby overwrite any file in the system. The successful exploitation of this vulnerability allows a...

6.9 CVSS, 5.9 AI score, 0.00666 EPSS
Exploits: 4, References: 2
Packet Storm
added 2012/11/30 12:0 a.m., 31 views

Squiz CMS 11654 File Path Traversal

Summary: Name: Squiz CMS - File Path Traversal Release Date: 30 November 2012 Reference: NGS00330 Discoverer: Robert Ray Vendor: Squiz Vendor Reference: 11846 Systems Affected: Squiz CMS V11654 Risk: High Status: Published TimeLine: Discovered: 29 June 2012 Release...

7.4 AI score
Exploits: 0
Exploit DB
added 2012/11/19 12:0 a.m., 40 views

weBid 1.0.5 - Directory Traversal

Author: loneferret of Offensive Security Product: WeBid Version: 1.0.4 & 1.0.5 and maybe older versions Vendor Site: http://www.webidsupport.com Software Download: http://sourceforge.net/projects/simpleauction/files/simpleauction/WeBid%20v1.0.5/WeBid-1.0.5.zip/download/download Other related...

7 AI score
Exploits: 0
OpenVAS
added 2012/09/10 12:0 a.m., 26 views

Slackware: Security Advisory (SSA:2004-278-01)

The remote host is missing an update for the...

2.1 CVSS, 6.5 AI score, 0.00392 EPSS
Exploits: 0, References: 2
securityvulns
added 2012/09/07 12:0 a.m., 76 views

QNAP Turbo NAS Multiple Path Injection

Vulnerability: Multiple Path Injection Product: QNAP Turbo NAS Vendor: QNAP Version affected: = 3.7.3 build 20120801 Status: Unpatched Website: http://web.qnap.com/prodetailfeature.asp?pid=202 Discovered by: Andrea Fabrizi Web: http://www.andreafabrizi.it This...

0.4 AI score
Exploits: 0
Packet Storm
added 2012/09/05 12:0 a.m., 25 views

QNAP Turbo NAS 3.7.3 File Disclosure

Vulnerability: Multiple Path Injection Product: QNAP Turbo NAS Vendor: QNAP Version affected: = 3.7.3 build 20120801 Status: Unpatched Website: http://web.qnap.com/prodetailfeature.asp?pid=202 Discovered by: Andrea Fabrizi Web: http://www.andreafabrizi.it This...

7.4 AI score
Exploits: 0
Exploit DB
added 2012/09/05 12:0 a.m., 40 views

QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections

Exploit Title: QNAP Turbo NAS Multiple Path Injection Date: 2012-09-04 Exploit Author: Andrea Fabrizi Vendor Homepage: http://www.qnap.com/ Version: = 3.7.3 build 20120801 Tested on: QNAP TS-1279U-RP This vulnerability has been discovered on QNAP TS-1279U-RP, but probably other products that use...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2012/06/26 12:0 a.m., 18 views

GLSA-201206-36 : logrotate: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201206-36 (logrotate: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in logrotate. Please review the CVE identifiers referenced below for details. Impact: A local attacker could use this flaw to truncate...

6.9 CVSS, 6.2 AI score, 0.00412 EPSS
Exploits: 1, References: 5
securityvulns
added 2012/03/18 12:0 a.m., 34 views

[ MDVSA-2012:030 ] systemd

Mandriva Linux Security Advisory MDVSA-2012:030 http://www.mandriva.com/security/ Package: systemd Date: March 16, 2012 Affected: 2011. Problem Description: A vulnerability has been found and corrected in systemd: A TOCTOU race condition was found i...

3.3 CVSS, 9.1 AI score, 0.00323 EPSS
Exploits: 1
Packet Storm
added 2012/03/13 12:0 a.m., 21 views

PBLang 4.67.16.a Local File Inclusion

Exploit Title: PBLang...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2011/12/13 12:0 a.m., 22 views

SuSE 11.1 Security Update : Qt (SAT Patch Number 5131)

The following security issues have been fixed: - Specially crafted font files could cause a single byte heap based buffer overflow. CVE-2011-3193 - Specially crafted grey scale images could cause a heap-based buffer overflow. CVE-2011-3194 - SSL servers could run into an endless loop CVE-2010-26...

9.3 CVSS, 8.2 AI score, 0.1054 EPSS
Exploits: 1, References: 15
Saint
added 2011/11/07 12:0 a.m., 40 views

Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Arbitrary File Overwrite

Added: 11/07/2011 BID: 50332 OSVDB: 76539 Background Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring specialized computer-aid...

0.6 AI score
Exploits: 0
Exploit DB
added 2011/09/29 12:0 a.m., 22 views

Typo3 - File Disclosure

7.4 AI score
Exploits: 0
Tenable Nessus
added 2011/08/01 12:0 a.m., 29 views

Apache Tomcat 7.0.x < 7.0.17 Multiple Vulnerabilities

1.9 CVSS, 5.1 AI score, 0.00668 EPSS
Exploits: 0, References: 2
myhack58
added 2011/07/11 12:0 a.m., 22 views

Discuz! NT 3.6 user-space cross-site vulnerabilities and fixes - vulnerability warning - the black bar safety net

Affected version: Discuz! NT 3.6 Vulnerability description: In Discuz! NT 3.6, the user-space log editing feature does not apply security filtering to user-submitted data, which can lead to insertion of malicious code. An attacker who exploits the vulnerability may obtain sensitive data such as a normal user's cookie,...

0.2 AI score
Exploits: 0
Packet Storm
added 2011/05/30 12:0 a.m., 20 views

Puzzle Apps CMS 3.2 Local File Inclusion

Software: Puzzle Apps CMS 3.2 Vulnerability: Local File Inclusion Site: http://www.puzzleapps.org/ Download Link...

0.1 AI score
Exploits: 0
Prion
added 2011/04/29 10:55 p.m., 17 views

Design/Logic Flaw

dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2)...

7.2 CVSS, 6.3 AI score, 0.00333 EPSS
Exploits: 0, References: 7, Affected Software: 1
CVE
added 2011/04/29 10:0 p.m., 54 views

CVE-2011-0729

CVE-2011-0729 affects the language-selector D-Bus backend (dbus_backend/ls-dbus-backend) in versions before 0.6.7. The component does not restrict access based on PolicyKit checks, allowing a local user to modify /etc/default/locale and /etc/environment via (1) SetSystemDefaultLangEnv or (2) SetS...

7.2 CVSS, 6 AI score, 0.00333 EPSS
Exploits: 0, References: 7, Affected Software: 1