123 matches found
CVE-2015-1830
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors...
Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution
I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a path delimiter. An attacker could use this flaw to upload...
activemq: Fileserver web application vulnerability allowing RCE
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
BlackBerry Z10 Authentication Bypass Vulnerability
BlackBerry Z10 suffers from a storage and access file-exchange authentication bypass vulnerability. BlackBerry Z10 Authentication Bypass Vulnerability --------------------------------------------------------------------- --------------------------------------------------------------------- 1...
Authentication Bypass Bug Fixed in BlackBerry Z10
There’s a remotely exploitable authentication bypass vulnerability in the BlackBerry Z10 phone that affects the service that lets users share files with machines on a wireless network. The bug could allow an attacker to steal users’ personal data or hit them with targeted malware. The Z10 is one ...
windows live messenger plus! fileserver 1.0 - Directory Traversal vuln
No description provided by source. Windows Live Messenger Plus! FileServer 1.0 Found by joepie91 The FileServer script allows a user using Windows Live Messenger Plus! to share a defined folder and its subfolders and files with a contact. Authentication is done using a user-defined username and...
[oss-security] CVE request: OpenAFS 1.6.8 TMAY fileserver crashes
New code introduced in OpenAFS 1.6.8 does not properly zero fields in the host structure in the OpenAFS fileserver, leading to some variables in the host structure being left initialized from recycled heap memory. While no mechanism for exploitation is currently known, the affected file server...
Scientific Linux Security Update : openafs on SL5.x, SL6.x i386/x86_64 (20140411)
An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. The GetStatistics64 remote procedure call RPC was introduced in OpenAFS 1.4.8 as part of the support for fileserver partitions larger than 2 TiB. The GetStatistics64 RPC is used by...
Debian DSA-2899-1 : openafs - security update
Michael Meffie discovered that in OpenAFS, a distributed filesystem, an attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the fileserver, and potentially permitting the execution of arbitrary code. In addition, this update addresses a minor deni...
CVE-2013-1794
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via a long fileserver ACL entry...
DEBIAN-CVE-2013-1794
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via a long fileserver ACL entry...
CVE-2013-1794
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via a long fileserver ACL entry...
Buffer overflow
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via a long fileserver ACL entry...
CVE-2013-1794
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via a long fileserver ACL entry...
CVE-2013-1794
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via a long fileserver ACL entry...
Scientific Linux Security Update : openafs on SL5.x SL6.x i386/x86_64 (20130304)
By carefully crafting an ACL entry an attacker may overflow fixed length buffers within the OpenAFS fileserver, crashing the fileserver, and potentially permitting the execution of arbitrary code. To perform the exploit, the attacker must already have permissions to create ACLs on the fileserver ...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6437)
This patch updates the SUSE Linux Enterprise 10 SP2 kernel to fix various bugs and some security issues. The following security issues were fixed: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. No cve yet A...
Marcelo Costa FileServer Component Directory Traversal Vulnerability
This host is running Marcelo Costa FileServer with Windows Live Messenger and Messenger Plus! Live, and is prone to directory traversal vulnerability. OpenVAS Vulnerability Test $Id: secpodmarcelocostafileserverdirtravvuln.nasl 8193 2017-12-20 10:46:55Z cfischer $ Marcelo Costa FileServer Compone...
Marcelo Costa FileServer Component Directory Traversal Vulnerability
Marcelo Costa FileServer with Windows Live Messenger and Messenger Plus! Live is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2009-2544
Directory traversal vulnerability in the Marcelo Costa FileServer component 1.0 for Microsoft Windows Live Messenger and Messenger Plus! Live MPL allows remote authenticated users to list arbitrary directories and read arbitrary files via a .. dot dot in a pathname...