217 matches found
The vulnerability of the Mac OS X operating system, which allows a hacker to increase their privileges
The vulnerability of the kernel loader in the EFI component of the Mac OS X operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created path name...
iniNet SpiderControl SCADA Web Server Service 2.02 Privilege Escalation
iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 2.02.0000 Summary: Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large...
The vulnerability of the libvdpau library, which allows a hacker to elevate their privileges
The vulnerability of the libvdpau library exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a local attacker to increase their privileges by manipulating the VDPAUDRIVER variable...
The vulnerability of the Oracle Fusion Middleware software platform allows a perpetrator to compromise the integrity, accessibility, and confidentiality of information.
The vulnerability of the Oracle Data Integrator sub-component of the Oracle Fusion Middleware software exists due to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the...
USN-2600-2: Linux kernel regression
USN-2600-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...
USN-2598-2: Linux kernel regression
USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
MGASA-2014-0129 Updated udisks and udisks2 packages fixes security vulnerability
A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon root CVE-2014-0004...
Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for...
Winamp Web接口多个安全漏洞
Winamp Web接口(Wawi)是Winamp的一个开源插件,允许用户通过Web浏览器远程管理媒体播放器。 Wawi的实现后半辈子存在多个安全漏洞,具体如下: ----------------------------------- A FindBasicAuth缓冲区溢出 ----------------------------------- FindBasicAuth函数位于security.cpp,用于解析客户端请求中的Authorization...
Buffer overflow
Buffer overflow in the FTP server FTPServer in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."...
CVE-2006-1445
Buffer overflow in the FTP server FTPServer in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."...
CVE-2005-1450
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact...
GLSA-200411-16 : zip: Path name buffer overflow
The remote host is affected by the vulnerability described in GLSA-200411-16 zip: Path name buffer overflow zip does not check the resulting path length when doing recursive folder compression. Impact : An attacker could exploit this by enticing another user or web application to create an archiv...
zip: Path name buffer overflow
Background zip is a compression and file packaging utility. Description zip does not check the resulting path length when doing recursive folder compression. Impact An attacker could exploit this by enticing another user or web application to create an archive including a specially-crafted path...
d_path() truncating excessive long path name vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Name: Linux kernel Version: up to 2.2.20 and 2.4.18 Homepage: http://www.kernel.org/ Author: Wojciech Purczynski [email protected] Date: March 26, 2002 Issue: ====== In case of excessively long path names dpath kernel internal function returns truncated...
CVE-2000-0168
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability...