2460 matches found
XAMPP < 1.8.2 Local Write Access Vulnerability (Oct 2014) - Active Check
XAMPP is prone to an arbitrary file download vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apachefriends:xampp";...
CVE-2014-1875
The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file...
CVE-2014-4386
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access...
CVE-2014-4386
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access...
CVE-2014-3084
IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other...
CVE-2014-3084
The CVE-2014-3084 issue affects IBM Maximo Asset Management and related products (including Maximo Asset Management Essentials, Maximo Industry Solutions, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CMDB products). It allows re...
Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities
Deutsche Telekom CERT Advisory DTC-A-20140820-001 Summary: Several vulnerabilities were found in checkmk prior versions 1.2.4p4 and 1.2.5i4. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS 2 - write access to config files .mk files 3 - arbitrary code execution Recommendations:...
[DLA 28-1] augeas security update
Package : augeas Version : 0.7.2-1+deb6u1 CVE ID : CVE-2012-0786 CVE-2012-0787 CVE-2013-6412 Debian Bug : 731111 731132 Multiple race conditions were discovered in augeas when saving configuration files which expose it to symlink attacks. Write access to the directory where the configuration file...
DLA-28-1 augeas - security update
Bulletin has no description...
kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rbmysql' cla...
CVSWeb Developer CVSWeb 1.80 insecure perl "open" Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1469/info Cvsweb 1.80 makes an insecure call to the perl OPEN function, providing attackers with write access to a cvs repository the ability to execute arbitrary commands on the host machine. The code that is being...
Pacific Software Carello 1.2.1 File Duplication and Source Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1245/info A remote user can gain read and write access on a target machine running Carello shopping cart software. First, a user may create a duplicate of a known file in a known directory on the target host through add.e...
Microsoft IIS FTP Server NLST Response Overflow
No description provided by source. $Id: ms09053ftpdnlst.rb 11003 2010-11-12 06:19:49Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free using the kfree function arbitrary kernel memory. CVE-2014-173...
CVE-2013-5655
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. dot dot in the default URI...
CVE-2014-1738
The rawcmdcopyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...
Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2137-1)
An information leak was discovered in the Linux kernel when built with the NetFilter Connection Tracking NFCONNTRACK support for IRC protocol NFNATIRC. A remote attacker could exploit this flaw to obtain potentially sensitive kernel information when communicating over a client- to-client IRC...
CVE-2014-1885
The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain...
CVE-2014-1885
The CVE-2014-1885 entry concerns the ForzeArmate Android app. Affected component: the app itself when using Adobe PhoneGap 2.9.0 or earlier. Root cause: attacker-controlled Google syndication advertising domain enables remote JavaScript code execution within the app, which can then obtain write a...