225 matches found
CVE-2018-11331
Pluck CMS before 4.7.6 is affected: the upload restrictions do not cover certain filetypes (e.g., .phtml, .htaccess), enabling remote PHP code execution. Affected: Pluck before 4.7.6. Root cause: incomplete disallowed-filetypes list. Impact: remote code execution with potential high impact as per...
Apache OpenMeetings ZIP File Path Traversal (CVE-2016-0784)
A directory traversal vulnerability exists in Apache OpenMeetings in the Import/Export System Backups functionality. The vulnerability is due to missing file path validation on user-uploaded ZIP archives. Successful exploitation allows the attacker to execute arbitrary code under the security...
SUSE-SU-2016:0968-1 Security update for rubygem-activesupport-3_2
This update for rubygem-activesupport-32 fixes the following issues: The previous patch for CVE-2015-7576 was adding the file lib/activesupport/securityutils.rb but this file was not being added into the gemspec,thus the final gem did not contain that file...
SUSE-SU-2016:0857-1 Security update for rubygem-activesupport-4_1
This update for rubygem-activesupport-41 fixes the following issues: The previous security patch for CVE-2015-7576 was adding a new file but this file was not being added in the gemspec, thus the resulting gem didn't have it. This update includes the patch in the gem file too...
CVE-1999-1434
login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server...