117 matches found
CVE-2016-8016
CVE-2016-8016 affects McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. The vulnerability is an information disclosure via the web interface: an authenticated remote attacker can use a URL parameter to determine the existence of unauthorized files on the system. Connected sources al...
Debian Security Advisory DSA 3776-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5006 Mariusz Mlynski discovered a cross-site scripting issue. CVE-2017-5007 Mariusz Mlynski discovered another cross-site scripting issue. CVE-2017-5008 Mariusz Mlynski discovered a third cross-site scripting issue...
Google Chrome PDFium Local File Access Vulnerability
Google Chrome is the United States Google Google company developed a Web browser. PDFium is one of the open source PDF rendering engine. A local file access vulnerability exists in PDFium in versions of Google Chrome prior to 55.0.2883.75. An attacker can exploit this vulnerability to access...
php: missing null byte checks for paths in various PHP extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
Todd Miller Sudo Local Security Bypass Vulnerability
Sudo is a program that allows users to securely execute commands with other user privileges and is widely used under Linux and Unix operating systems. A local security bypass vulnerability exists in Todd Miller Sudo, which allows local attackers to exploit the vulnerability to bypass security...
python security vulnerabilities
json information leak, CGIHTTPServer unauthroized files access and code execution, lz4 integer overflow...
SmallFTPD 1.0.3 - Remote Directory Traversal Vulnerability
No description provided by source. / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Contact: [email protected] ----------------------------------- SmallFTPD...
Armada Design Master Index 1.0 Path Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1772/info Master Index is a commercially supported search engine. Certain versions of this software ship with a path traversal vulnerability. This is to say that a remote user may 'back out' .../ of the web root directory...
Siemens Automation License Manager multiple security vulnerabilities
Code execution, unauthorized files access, DoS...
WinTFTP Server Pro 3.1 Directory Traversal
/ / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / ,tftp Transfers files to and from a remote computer running the TFTP service. TFTP -i host GET | PUT source destination -i Specifies binary image transfer mode also called octet. In binary image mode the file is moved...
Security Flaw in Mac Safari Remains Unfixed for Two Years, Experts Concerned
Two years after fixing a security bug in the Windows version of its Safari browser, Apple apparently has decided that Mac users can go without a fix. Apple was initially unimpressed by Nitesh Dhanjani’s work developing what’s known as a “carpet bomb” attack, the security researcher said in an...
Syncrify < 2.1 Build 420 Multiple Security Bypass Vulnerabilities
According to its version, the remote installation of Syncrify is affected by multiple security bypass vulnerabilities : - The application fails to restrict access to the password management page and allows users to change the administrator's password by directly accessing that page. - It is...
fcrontab Information Disclosure Vulnerability
============================================ fcrontab Information Disclosure Vulnerability March 3, 2010 CVE-2010-0792 ============================================ ==Description== fcrontab, part of the fcron scheduler, is vulnerable to several race conditions that allow a local attacker to use...
Design/Logic Flaw
The filefieldfiledownload function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors...
Windows print spooler multiple security vulnerabilities
Buffer overflow, unauthorized files access, privilege escalation with dynamic library loading...
PT-2009-2018 · Moinmoin · Moinmoin
Name of the Vulnerable Software and Affected Versions: MoinMoin version 1.6.1 Description: The issue concerns the rst parser in MoinMoin, which fails to check the ACL of an included page. This allows attackers to read unauthorized include files via unknown vectors. Recommendations: For MoinMoin...
Axis 70U Network Document Server multiple security vulnerabilities
Privilege escalation, unauthorized files acccess, crossite scripting...
HTTP File Serve multiple security vulnerabilities
Crossite scripting, information disclosure, unauthroized files creation, log manipulation, user name spoofing...
CVE-2005-4825
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service disk consumption, or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332...
Microsoft Office Improper Memory Access Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when Office attempts to process malformed files. An attacker could exploit this issue by enticing a victim to load a malicious Office file. If the vulnerability is successfully exploited, this could...