413 matches found
[SECURITY] [DLA 202-1] wesnoth-1.8 security update
Package : wesnoth-1.8 Version : 1:1.8.5-1+deb6u1 CVE ID : CVE-2015-0844 Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary files in the users home directory if malicious campaigns/maps are loaded. For the...
Debian: Security Advisory (DSA-3218-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple Vulnerabilities in UberFire Framework
UberFire Framework is a rich client platform architecture software. The software supports high-availability deployments. An arbitrary code execution and file read vulnerability exists in UberFire Framework version 0.3.x, which stems from the program failing to properly restrict paths. A remote...
CVE-2014-8114
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...
CVE-2014-8114
The CVE-2014-8114 entry affects the UberFire Framework 0.3.x and is caused by inadequate path restriction in the framework’s FileUploadServlet/FileDownloadServlet handling. This leads to two disclosed risks: (1) remote code execution by uploading crafted content to FileUploadServlet and (2) arbit...
CVE-2013-3426
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810...
Microsoft Windows Multiple COM Binary Planting Vulnerabilities (MS11-076; CVE-2011-1991; CVE-2011-2009)
The vulnerabilities are due to the way Windows COM servers improperly restrict the paths used when loading external libraries. A remote attacker may exploit these vulnerabilities by enticing an unsuspecting user to open a specially crafted file from a WebDAV or an SMB shareSuccessful exploitation...
Debian Security Advisory DSA 459-1 (kdelibs, kdelibs-crypto)
The remote host is missing an update to kdelibs, kdelibs-crypto announced via advisory DSA 459-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
CVE-2006-6383
PHP 5.2.0 and 4.4 allows local users to bypass safemode and openbasedir restrictions via a malicious path and a null byte before a ";" in a sessionsavepath argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.savepath...
PT-2004-1119 · Unarj · Unarj
Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:022)
Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory : 'The cookie specifications detail a path argument that can be used ...
Apple Safari 1.x - Cookie Directory Traversal
source: https://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded URI content, this may make it possible for an...
eeye.web.interfaces.txt
Date: Wed, 26 May 1999 06:58:27 -0000 From: Marc To: [email protected] Subject: Multiple Web Interface Security Holes Multiple Web Interface Security Holes Systems Affected CMail 2.3 FTGate 2,1,2,1 NTMail 4.20 Release Date May 26, 1999 Advisory Code AD05261999 Description: The following holes...