
2019 matches found

CNVD
added 2015/01/19 12:0 a.m. | 3 views

SAP NetWeaver Dispatcher Buffer Overflow Vulnerability

SAP NetWeaver is an integrated application platform based on professional standards that significantly reduces the complexity of system integration. A buffer overflow vulnerability exists in SAP NetWeaver Dispatcher, which could be exploited by remote attackers to execute arbitrary code or to den...

CVSS 6.5 | AI score 8 | EPSS 0.0237
Exploits: 0 | References: 1

CNVD
added 2015/01/07 12:0 a.m. | 4 views

AdaptCMS Arbitrary File Upload Vulnerability

AdaptCMS is a content management system. An arbitrary file upload vulnerability exists in AdaptCMS that could be exploited by an attacker to upload arbitrary files to an affected computer, which could result in the execution of arbitrary code within the context of the application...

CVSS 6.5 | AI score 7.6 | EPSS 0.05427
Exploits: 2 | References: 1

exploitpack
added 2015/01/05 1:28 p.m. | 15 views

ALLPlayer-5.8.1-(.m3u)-

Exploit Title: ALLPlayer 5.8.1 - .m3u Buffer Overflow SEH Date: Mar 1 2014 Exploit Author: Gabor Seljan Software Link: http://www.allplayer.org/download/allplayer Version: 5.8.1 use strict; use warnings; my $filename = "sploit.m3u"; my $junk1 = "\x41" x 301; Offset to SEH my $nSEH = "\x61\x50";...

AI score 7.5
Exploits: 0

CVE
added 2014/12/25 9:0 p.m. | 89 views

CVE-2014-2217

CVE-2014-2217 describes an absolute path traversal in the RadAsyncUpload control of Telerik UI for ASP.NET AJAX, affecting versions before Q3 2012 SP2. An attacker can supply a full pathname in the UploadID metadata to write arbitrary files on the server and potentially execute arbitrary code. Th...

CVSS 7.5 | AI score 9.6 | EPSS 0.0372
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2014/12/12 3:59 p.m. | 6 views

CVE-2014-6407

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

AI score 7.3
Exploits: 0 | References: 6

OSV
added 2014/12/10 3:59 p.m. | 2 views

DEBIAN-CVE-2014-8097

The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1...

CVSS 6.5 | AI score 7.2 | EPSS 0.04373
Exploits: 0 | References: 1

RedHat Linux
added 2014/12/10 11:38 a.m. | 1 views

docker: symbolic and hardlink issues leading to privilege escalation

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation...

CVSS 7.5 | AI score 7.5 | EPSS 0.04909
Exploits: 0 | References: 4

OSV
added 2014/12/09 11:59 p.m. | 4 views

CVE-2014-9274

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by a file containing the string "\cb-999999999"...

AI score 7.5
Exploits: 0 | References: 11

CVE
added 2014/12/02 1:0 a.m. | 109 views

CVE-2014-3065

CVE-2014-3065: IBM Java SDK/JRE contains a vulnerability where the default configuration for the shared classes feature potentially allows arbitrary code execution via the shared classes cache by other local users. Affected IBM Java versions include IBM SDK/JAVA 2 Technology Edition (v5.0 SR16 FP...

CVSS 6.9 | AI score 4.6 | EPSS 0.00559
Exploits: 0 | References: 17 | Affected Software: 1

UbuntuCve
added 2014/11/18 11:59 a.m. | 26 views

CVE-2014-4452

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462...

CVSS 5.4 | AI score 6.2 | EPSS 0.01325
Exploits: 0 | References: 1

NVD
added 2014/11/16 11:59 a.m. | 14 views

CVE-2014-8949

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...

CVSS 6 | AI score 7.3 | EPSS 0.07513
Exploits: 1 | References: 5

Cvelist
added 2014/11/16 11:0 a.m. | 18 views

CVE-2014-8949

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4wtrace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear...

AI score 7.3 | EPSS 0.07513
Exploits: 1 | References: 5

Prion
added 2014/10/29 10:55 a.m. | 17 views

Path traversal

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the...

CVSS 9.3 | AI score 7.5 | EPSS 0.39883
Exploits: 4 | References: 22 | Affected Software: 1

Cvelist
added 2014/10/10 10:0 a.m. | 32 views

CVE-2014-4872

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService...

AI score 9.7 | EPSS 0.80095
Exploits: 15 | References: 3

NVD
added 2014/08/07 11:13 a.m. | 33 views

CVE-2014-3914

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot d...

CVSS 10 | AI score 7.3 | EPSS 0.72606
Exploits: 5 | References: 6

CVE
added 2014/08/07 10:0 a.m. | 71 views

CVE-2014-3914

CVE-2014-3914 affects Rocket Servergraph 1.2 Admin Center, with directory traversal in the fileRequestor servlet (and related fileRequestServlet/userRequest servlet) allowing actions such as writeDataFile, run, runClear, readDataFile, del, and save_server_groups to be abused via crafted query/bod...

CVSS 10 | AI score 7.5 | EPSS 0.72606
Exploits: 5 | References: 6 | Affected Software: 1

Cvelist
added 2014/08/07 10:0 a.m. | 39 views

CVE-2014-3914

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot d...

AI score 7.3 | EPSS 0.72606
Exploits: 5 | References: 6

RedHat Linux
added 2014/07/22 5:59 p.m. | 1 views

Mozilla: Out of bounds write in NSPR (MFSA 2014-55)

An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version o...

CVSS 10 | AI score 7.3 | EPSS 0.06381
Exploits: 0 | References: 5

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

PHP 5.2.6 'create_function()' Code Injection Weakness (2)

No description provided by source. source: http://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'create_function()'. Note that the anonymous function returned need not be called for the supplied code to be executed. ...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Ghostscript 'CCITTFax' Decoding Filter - Denial of Service Vulnerability

No description provided by source. Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed...

AI score 7.1
Exploits: 0