Lucene search
+L

2509 matches found

cert
cert
added 2006/08/21 12:0 a.m.42 views

Xsan Filesystem fails to properly process path names

Overview A buffer overflow vulnerability in Apple's Xsan product may allow a local attacker to run arbitrary code with root privileges or create a denial-of-service condition. Description Xsan FilesystemXsan is a Storage Area Network SAN filesystem designed for use by Apple OS X and OS X Server...

4.6CVSS7.3AI score0.00489EPSS
Exploits0References2
nessus
nessus
added 2006/07/03 12:0 a.m.33 views

CentOS 3 : tar (CESA-2006:0195)

An updated tar package that fixes a path traversal flaw is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that...

5CVSS7.1AI score0.03589EPSS
Exploits0References4
nessus
nessus
added 2006/05/13 12:0 a.m.27 views

GLSA-200605-05 : rsync: Potential integer overflow

The remote host is affected by the vulnerability described in GLSA-200605-05 rsync: Potential integer overflow An integer overflow was found in the receivexattr function from the extended attributes patch xattr.c for rsync. The vulnerable function is only present when the 'acl' USE flag is set...

7.5CVSS6.1AI score0.03633EPSS
Exploits0References2
prion
prion
added 2006/03/19 11:2 p.m.16 views

Authentication flaw

publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and...

7.5CVSS7.9AI score0.06934EPSS
Exploits1References5Affected Software1
exploitpack
exploitpack
added 2006/01/14 12:0 a.m.11 views

Farmers WIFE 4.4 sp1 - FTP Remote System Access

Farmers WIFE 4.4 sp1 - FTP Remote System Access !/usr/bin/perl kokanin 20060106 // farmers wife server 4.4 sp1 allows us to use ../../../ patterns as long as we stand in a folder where we have write access. haha, that's what you get for implementing your own access control instead of relying on t...

0.4AI score
Exploits0
openvas
openvas
added 2005/11/03 12:0 a.m.29 views

Linksys Router Default Password (HTTP)

This Linksys Router has the default password set for the web administration console. SPDX-FileCopyrightText: 2002 Digital Defense Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.6AI score
Exploits0
nessus
nessus
added 2005/06/23 12:0 a.m.16 views

GLSA-200506-21 : Trac: File upload vulnerability

The remote host is affected by the vulnerability described in GLSA-200506-21 Trac: File upload vulnerability Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the 'id' parameter when uploading attachments to the wiki or the bug tracking system. Impact : A remote...

6.1AI score
Exploits0References2
securityvulns
securityvulns
added 2005/06/10 12:0 a.m.33 views

SGI Irix rpc.mountd privilege escalation

Under some conditions write access is possible to read only exports...

3.1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/06/10 12:0 a.m.27 views

[SA15619] SGI IRIX rpc.mountd "read-mostly" Exports Read/Write Access

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

Exploits0
nvd
nvd
added 2005/05/02 4:0 a.m.17 views

CVE-2005-1238

By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request...

7.5CVSS6.5AI score0.01764EPSS
Exploits0References3
nvd
nvd
added 2004/12/31 5:0 a.m.18 views

CVE-2004-2613

Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a...

10CVSS6.4AI score0.02453EPSS
Exploits1References3
osv
osv
added 2004/12/31 5:0 a.m.1 views

DEBIAN-CVE-2004-1438

The modauthzsvn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command...

2.1CVSS6.8AI score0.00701EPSS
Exploits0References1
cert
cert
added 2004/10/20 12:0 a.m.13 views

Multiple Symantec security appliances do not allow the SNMP read-write community string to be changed

Overview A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to modify the configuration of the device using SNMP. Description The Simple Network Management Protocol SNMP enables network and system administrators to remotely monitor and configure...

7.1AI score
Exploits0References7
redhat
redhat
added 2004/09/01 6:54 p.m.6 views

security flaw

Directory traversal vulnerability in the sanitizepath function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files...

6.4CVSS5.8AI score0.02317EPSS
Exploits0References4
securityvulns
securityvulns
added 2004/09/01 12:0 a.m.30 views

CuteNews News.txt writable to world

Date: August 29, 2004 Vender: http://www.cutephp.com/ Program: CuteNews Versions affected: = 1.3.6 Bug: CuteNews News.txt writable to world Type: Author: e0r www: http://www.rootthief.com/ team: !Sui-Generes !Sui Email: homicidal @ gmail . com ----------------------------- Discription: Cute news ...

6.7AI score
Exploits0
nessus
nessus
added 2004/08/30 12:0 a.m.15 views

GLSA-200407-20 : Subversion: Vulnerability in mod_authz_svn

The remote host is affected by the vulnerability described in GLSA-200407-20 Subversion: Vulnerability in modauthzsvn Users with write access to part of a Subversion repository may bypass read restrictions on any part of that repository. This can be done using an 'svn copy' command to copy the...

2.1CVSS5.7AI score0.00701EPSS
Exploits0References3
nessus
nessus
added 2004/08/30 12:0 a.m.18 views

GLSA-200404-01 : Insecure sandbox temporary lockfile vulnerabilities in Portage

The remote host is affected by the vulnerability described in GLSA-200404-01 Insecure sandbox temporary lockfile vulnerabilities in Portage A flaw in Portage's sandbox wrapper has been found where the temporary lockfiles are subject to a hard-link attack which allows linkable files to be...

5.6AI score
Exploits0References1
nessus
nessus
added 2004/08/30 12:0 a.m.25 views

GLSA-200408-05 : Opera: Multiple new vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200408-05 Opera: Multiple new vulnerabilities Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the 'location' browser object. An attacker can overwrite methods in this object a...

5CVSS5.6AI score0.02989EPSS
Exploits1References5
gentoo
gentoo
added 2004/08/05 12:0 a.m.29 views

Opera: Multiple new vulnerabilities

Background Opera is a multi-platform web browser. Description Multiple vulnerabilities have been found in the Opera web browser. Opera fails to deny write access to the "location" browser object. An attacker can overwrite methods in this object and gain script access to any page that uses one of...

5CVSS1.7AI score0.02989EPSS
Exploits1
gentoo
gentoo
added 2004/07/26 12:0 a.m.38 views

Subversion: Vulnerability in mod_authz_svn

Background Subversion is an advanced version control system, similar to CVS, which supports additional functionality such as the ability to move, copy and delete files and directories. A Subversion server may be run as an Apache module, a standalone server svnserve, or on-demand over ssh a la CVS...

2.1CVSS1.8AI score0.00701EPSS
Exploits0
Rows per page
Query Builder