Lucene search
K

2460 matches found

OpenVAS
OpenVAS
added 2014/10/10 12:0 a.m.30 views

XAMPP < 1.8.2 Local Write Access Vulnerability (Oct 2014) - Active Check

XAMPP is prone to an arbitrary file download vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apachefriends:xampp";...

4.3CVSS6.5AI score0.0521EPSS
Exploits6References3
OSV
OSV
added 2014/10/06 11:55 p.m.6 views

CVE-2014-1875

The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file...

6.1AI score
Exploits0References13
NVD
NVD
added 2014/09/18 10:55 a.m.20 views

CVE-2014-4386

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access...

1.9CVSS5.8AI score0.00255EPSS
Exploits0References6
Cvelist
Cvelist
added 2014/09/18 10:0 a.m.22 views

CVE-2014-4386

Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access...

5.8AI score0.00255EPSS
Exploits0References6
Cvelist
Cvelist
added 2014/08/29 10:0 a.m.26 views

CVE-2014-3084

IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other...

6.2AI score0.01735EPSS
Exploits0References6
CVE
CVE
added 2014/08/29 10:0 a.m.50 views

CVE-2014-3084

The CVE-2014-3084 issue affects IBM Maximo Asset Management and related products (including Maximo Asset Management Essentials, Maximo Industry Solutions, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CMDB products). It allows re...

4.9CVSS6.3AI score0.01735EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.72 views

Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities

Deutsche Telekom CERT Advisory DTC-A-20140820-001 Summary: Several vulnerabilities were found in checkmk prior versions 1.2.4p4 and 1.2.5i4. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS 2 - write access to config files .mk files 3 - arbitrary code execution Recommendations:...

9.3CVSS6.5AI score0.06138EPSS
Exploits0
Debian
Debian
added 2014/08/01 11:12 a.m.31 views

[DLA 28-1] augeas security update

Package : augeas Version : 0.7.2-1+deb6u1 CVE ID : CVE-2012-0786 CVE-2012-0787 CVE-2013-6412 Debian Bug : 731111 731132 Multiple race conditions were discovered in augeas when saving configuration files which expose it to symlink attacks. Write access to the directory where the configuration file...

4.6CVSS5.8AI score0.00446EPSS
Exploits1
OSV
OSV
added 2014/08/01 12:0 a.m.26 views

DLA-28-1 augeas - security update

Bulletin has no description...

4.6CVSS6AI score0.00446EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2014/07/17 3:32 p.m.11 views

kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...

7.2CVSS6.5AI score0.00524EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

WordPress Plugin Google Document Embedder Arbitrary File Disclosure

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rbmysql' cla...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

CVSWeb Developer CVSWeb 1.80 insecure perl "open" Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1469/info Cvsweb 1.80 makes an insecure call to the perl OPEN function, providing attackers with write access to a cvs repository the ability to execute arbitrary commands on the host machine. The code that is being...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Pacific Software Carello 1.2.1 File Duplication and Source Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1245/info A remote user can gain read and write access on a target machine running Carello shopping cart software. First, a user may create a duplicate of a known file in a known directory on the target host through add.e...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Microsoft IIS FTP Server NLST Response Overflow

No description provided by source. $Id: ms09053ftpdnlst.rb 11003 2010-11-12 06:19:49Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/06/26 5:7 p.m.5 views

kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command

A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...

7.2CVSS6.5AI score0.00524EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/05/14 7:55 p.m.2 views

CVE-2013-5655

Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. dot dot in the default URI...

6.4CVSS5.9AI score0.01758EPSS
Exploits0References5
NVD
NVD
added 2014/05/11 9:55 p.m.27 views

CVE-2014-1738

The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...

2.1CVSS6.7AI score0.00524EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2014/03/10 12:0 a.m.51 views

Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2137-1)

An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking NFCONNTRACK support for IRC protocol NFNATIRC. A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client- to-client IRC...

4.9CVSS6.5AI score0.03849EPSS
Exploits1References4
Cvelist
Cvelist
added 2014/03/03 2:0 a.m.24 views

CVE-2014-1885

The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain...

7.4AI score0.01565EPSS
Exploits1References3
CVE
CVE
added 2014/03/03 2:0 a.m.57 views

CVE-2014-1885

The CVE-2014-1885 entry concerns the ForzeArmate Android app. Affected component: the app itself when using Adobe PhoneGap 2.9.0 or earlier. Root cause: attacker-controlled Google syndication advertising domain enables remote JavaScript code execution within the app, which can then obtain write a...

6.4CVSS7.6AI score0.01565EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder