71 matches found
EulerOS Virtualization 3.0.6.6 : openssh (EulerOS-SA-2020-2451)
According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a...
CVE-2020-15650
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings but not access the previous profile. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects...
Arbitrary Files Overwrite
The Simple Protocol for Independent Computing Environments SPICE is vulnerable to Arbitrary Files Overwrite. It was found that the SPICE Firefox plug-in used a predictable name for its log file. A local attacker could use this flaw to conduct a symbolic link attack, allowing them to overwrite...
CVE-2014-5254
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files...
CVE-2010-4817
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks...
CVE-2019-17436
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system...
icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite
It was found that icedtea-web did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user...
Xorg X11 Server (AIX) - Local Privilege Escalation
Xorg X11 Server AIX - Local Privilege Escalation Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Filese...
CVE-2018-0123
A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of...
Debian DLA-921-1 : slurm-llnl security update
With this vulnerability arbitrary files can be overwritten on nodes running jobs provided that the user can run a job that is able to trigger a failure of a Prolog script. For Debian 7 'Wheezy', these problems have been fixed in version 2.3.4-2+deb7u1. We recommend that you upgrade your slurm-lln...
eXtplorer Directory Traversal Vulnerability
eXtplorer is a PHP-based online file management program that supports online browsing of files and folders as well as logging into FTP servers as an FTP client. A directory traversal vulnerability exists in the unzip/extract functionality of eXtplorer version 2.1.9, which stems from the program...
Ipswitch Instant Messaging 2.0.8.1 Multiple Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27677/info Ipswitch Instant Messaging is prone to multiple security vulnerabilities, including a denial-of-service vulnerability, a format-string vulnerability, and a vulnerability that allows attackers to overwrite...
CVE-2014-3981
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that 1 change the timezone for the user via the lat and lng parameters to...
Directory traversal
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted 1 HTTP or 2 HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369...
Directory traversal
Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account...
Oracle Solaris 8/9/10 - 'flar' Insecure Temporary File Creation
source: https://www.securityfocus.com/bid/41619/info Oracle Solaris is prone to an insecure temporary file creation vulnerability. A local attacker can exploit this issue to overwrite arbitrary files with the privileges of the affected process. This will likely result in denial-of-service...
CVE-2008-5313
mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the 1 f-prot-autoupdate, 2 clamav-autoupdate, 3 avast-autoupdate, and 4 f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/;...
CVE-2008-4988
pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal temporary file...
CVE-2008-4908
maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file...