EUVD-2011-1150

Malware in sbrugna...

The vulnerability of the key-delete function in Moxa’s TN-4900 and TN-5900 series microprogrammable router software allows for the creation or re-write of arbitrary files within the system.

The vulnerability of the key-delete function in Moxa’s TN-4900 and TN-5900 series microprogrammable router software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to create or re-record arbitrary files within the system remotely...

The vulnerability of the Adobe Genuine Service application checking service, related to errors in processing symbolic links, allows a perpetrator to re-record arbitrary files and increase their privileges.

The vulnerability of the Adobe Genuine Service application checking service is related to reading data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to rewrite arbitrary files and increase their privileges...

Arbitrary File Rewrite

spring-integration-zip is vulnerable to an arbitrary file rewrite aka a zip slip vulnerability. An incomplete fix of CVE-2018-1263 allows an attacker to send a malicious zip archive bzip2, tar, xz, war, cpio, 7z with path traversal filenames, leading to writing of files outside of the target...

The vulnerability in the internal file management service of the Cisco NX-OS operating system for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches allows a attacker to rewrite arbitrary files.

The vulnerability of the internal file management service in the Cisco NX-OS operating system for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches lies in the use of files and directories accessible from external parties. Exploiting this vulnerability allows a malicious actor...

The configuration function vulnerability of the Cisco Nexus Data Broker allows a perpetrator to rerecord arbitrary files.

The vulnerability of the configuration function of the Cisco Nexus Data Broker lies in insufficient verification of configuration backup files. Exploiting this vulnerability allows a malicious actor to rewrite any files at will...

Arbitrary File Rewrite

The cpio packages is vulnerable to Arbitrary File Rewrite. Improper input validation when writing tar header fields leads to unexpect tar generation...

The vulnerability of the Pacemaker resource manager in the operating system utility package for SUSE Linux Supportutils allows a hacker to re-record arbitrary files.

The vulnerability of the Pacemaker resource manager in the Oracle Enterprise Linux distribution is related to an incorrect definition of the link before accessing a file. Exploiting this vulnerability could allow an attacker to re-write any files they desire...

CVE-2011-1136

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file...

CVE-2011-1136

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file...

Adobe ColdFusion Arbitrary File Rewrite Vulnerability

Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An arbitrary file rewrite vulnerability exists in Adobe ColdFusion. An attacker could overwrite arbitrary...

MS Internet Explorer <= 7 Remote Arbitrary File Rewrite PoC (MS07-027)

No description provided by source. html title MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification /title body OBJECT id=target classid=clsid:d4fe6227-1288-11d0-9097-00aa004254a0 /OBJECT script language=vbscript //next script is converted to UTF16...

iDefense Security Advisory 01.13.09: Oracle Database 10g R2 Summary Advisor Arbitrary File Rewrite Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 01.12.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 12, 2009 I. BACKGROUND Oracle Database Server is a family of database products that range from personal databases to enterprise solutions. Further informati...

MS Internet Explorer &lt;= 7 Remote Arbitrary File Rewrite PoC (MS07-027)

No description provided by source. html title MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification /title body OBJECT id="target" classid="clsid:d4fe6227-1288-11d0-9097-00aa004254a0" /OBJECT script language="vbscript" //next script is converted to UTF16...

Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)

Microsoft Internet Explorer 7 - Arbitrary File Rewrite MS07-027 MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification //next script is converted to UTF16 target.SessionDescription="MS07-027 mdsauth.dll Proof of Concept exploit" target.SessionAuthor="Andr...

MS Internet Explorer <= 7 Remote Arbitrary File Rewrite PoC (MS07-027)

Exploit for unknown platform in category remote exploits ====================================================================== MS Internet Explorer MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification //next script is converted to UTF16...

Microsoft Internet Explorer 7 - Arbitrary File Rewrite (MS07-027)

MS07-027 mdsauth.dll NMSA Session Description Object SaveAs control, arbitrary file modification //next script is converted to UTF16 target.SessionDescription="MS07-027 mdsauth.dll Proof of Concept exploit" target.SessionAuthor="Andres Tarasco Acuna" target.SessionEmailContact="atarascoatgmail.co...

CVE-2007-2221

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to...

CVE-2007-2221

CVE-2007-2221 corresponds to a vulnerability in the mdsauth.dll ActiveX control used by Microsoft Windows Media Services within Internet Explorer. The mdsauth.dll COM object can be instantiated via IE, enabling an attacker to overwrite arbitrary files on a vulnerable system, potentially allowing ...

CVE-2007-2221

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to...