2509 matches found
Debian: Security Advisory (DSA-2108-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft IIS FTP Server NLST Response Overflow
$Id: ms09053ftpdnlst.rb 10558 2010-10-05 23:39:14Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2010-2226
The xfsswapext function in fs/xfs/xfsdfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file...
CVE-2010-2226
CVE-2010-2226 affects the Linux kernel: the xfs_swapext function in fs/xfs/xfs_dfrag.c does not properly validate file descriptors passed to the SWAPEXT ioctl, enabling a local user with write access to swap a file into another and gain read access. The issue is present in kernel versions before ...
CORE-2009-0813: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Windows Movie Maker and Microsoft Producer IsValidWMToolsStream Heap Overflow 1. Advisory Information Title: Windows Movie Maker and Microsoft Producer...
Microsoft IIS WebDAV Write Access Code Execution
$Id: iiswebdavuploadasp.rb 8413 2010-02-08 19:12:59Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft IIS WebDAV Write Access Code Execution
This module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script via a WebDAV PUT request. The target IIS machine must meet these conditions to be considered as exploitable: It allows 'Script resource access', Read and Wri...
CVE-2009-2939
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files...
OXID eShop Community Edition Unauthorized Write Access Vulnerability
This host is installed with OXID eShop Community Edition and is prone to unauthorized access vulnerability. OpenVAS Vulnerability Test $Id: secpodoxideshopunauthwritevuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OXID eShop Community Edition Unauthorized Write Access Vulnerability Authors: Nikita M...
OXID eShop Community Edition 4.x <= 4.1.1 Unauthorized Write Access Vulnerability
OXID eShop Community Edition is prone to unauthorized access vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft IIS FTPd NLST stack overflow
Microsoft IIS FTPd NLST stack overflow The Microsoft IIS FTPd service may be vulnerable to a stack overflow via the NLST command. On Microsoft IIS 5.x this vulnerability can be used to gain remote SYSTEM level access, whilst on IIS 6.x it has been reported to result in a denial of service. Whilst...
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow
Overview The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server...
IBM DB2 8.1 < Fix Pack 18 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 8.1 running on the remote host is affected by one or more of the following issues : - A local attacker may be able to gain write access to an arbitrary file using DAS, which could lead to gaining root privileges. IZ34149 - It may be possible t...
PT-2009-4203 · Netmechanica · Netdecision Tftp Server
Name of the Vulnerable Software and Affected Versions: NetMechanica NetDecision TFTP Server version 4.2 Description: The issue allows remote attackers to read or modify arbitrary files via directory traversal sequences in the 1 GET or 2 PUT command. Recommendations: For NetMechanica NetDecision...
Mandriva Update for tar MDKSA-2007:173 (tar)
Check for the Version of tar OpenVAS Vulnerability Test Mandriva Update for tar MDKSA-2007:173 tar Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Design/Logic Flaw
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to 1 console/tty, 2 console/limit, or 3 image/device-model-pid...
CVE-2008-5716
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to 1 console/tty, 2 console/limit, or 3 image/device-model-pid...
CVE-2008-4405
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to 1...
Gentoo Security Advisory GLSA 200605-05 (rsync)
The remote host is missing updates announced in advisory GLSA 200605-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200605-05 (rsync)
The remote host is missing updates announced in advisory GLSA 200605-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...