79 matches found
libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning
It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system...
openSUSE Security Update : go1.11 (openSUSE-2019-1018)
This new package for go1.11 fixes the following issues: Security issues fixed : - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag bsc1118897 - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution bsc1118898 -...
openSUSE: Security Advisory for go1.11 (openSUSE-SU-2018:4181-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : go1.11 (openSUSE-2018-1572)
This new package for go1.11 fixes the following issues: Security issues fixed : - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag bsc1118897 - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution bsc1118898 -...
Security update for go1.11 (important)
This new package for go1.11 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag bsc1118897 - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution bsc1118898 -...
rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...
rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...
[ASA-201807-14] jenkins: multiple issues
Arch Linux Security Advisory ASA-201807-14 ========================================== Severity: High Date : 2018-07-21 CVE-ID : CVE-2018-1999001 CVE-2018-1999002 CVE-2018-1999003 CVE-2018-1999004 CVE-2018-1999005 CVE-2018-1999006 CVE-2018-1999007 Package : jenkins Type : multiple issues Remote :...
NetEx HyperIP 6.1.0 Local File Inclusion Vulnerability
NetEx HyperIP version 6.1.0 suffers from a local file inclusion vulnerability. Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability...
NetEx HyperIP 6.1.0 Local File Inclusion
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability Details Affecte...
NetEx HyperIP Local File Inclusion Vulnerability
Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path, CWE-592: Authentication Bypass Issues Impact: Arbitrary Filesystem Reads Attack vector: HTTPS 2...
[ASA-201712-2] cacti: multiple issues
Arch Linux Security Advisory ASA-201712-2 ========================================= Severity: High Date : 2017-12-02 CVE-ID : CVE-2017-16641 CVE-2017-16660 CVE-2017-16661 CVE-2017-16785 Package : cacti Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-537 Summary =====...
[ASA-201708-7] mercurial: multiple issues
Arch Linux Security Advisory ASA-201708-7 ========================================= Severity: Critical Date : 2017-08-12 CVE-ID : CVE-2017-1000115 CVE-2017-1000116 Package : mercurial Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-378 Summary ======= The package...
webkit2gtk: multiple issues
CVE-2016-4590 same-origin policy bypass xisigr of Tencents Xuanwu Lab discovered a vulnerability in the way webkit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - CVE-2016-4591 arbitrary filesystem access ma.la of LINE Corporation discoveered...
SUSE: Security Advisory for wget (SUSE-SU-2014:1366-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES11 Security Update : wget (SUSE-SU-2014:1366-2)
wget was updated to fix one security issue and two non-security issues : - FTP symbolic link arbitrary filesystem access CVE-2014-4877. - Fix displaying of download time bnc901276. - Fix 0 size FTP downloads after failure bnc885069. Note that Tenable Network Security has extracted the preceding...
GNU Wget FTP Symlink Arbitrary Filesystem Access Exploit
This module exploits a vulnerability in Wget when used in recursive -r mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGETDATA option. Tested successfully with...
wget security update
1.14-10.1 - Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access 1156135...
IRM Security Advisory 9
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- IRM Security Advisory No. 009 RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities Vulnerablity Type / Importance: Network Subversion, Open Proxy, Brute-For...