Lucene search
K

413 matches found

Debian
Debian
added 2015/04/17 5:39 p.m.55 views

[SECURITY] [DLA 202-1] wesnoth-1.8 security update

Package : wesnoth-1.8 Version : 1:1.8.5-1+deb6u1 CVE ID : CVE-2015-0844 Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary files in the users home directory if malicious campaigns/maps are loaded. For the...

5CVSS5.8AI score0.02322EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/04/09 12:0 a.m.18 views

Debian: Security Advisory (DSA-3218-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.02322EPSS
Exploits0References3
CNVD
CNVD
added 2015/02/27 12:0 a.m.7 views

Multiple Vulnerabilities in UberFire Framework

UberFire Framework is a rich client platform architecture software. The software supports high-availability deployments. An arbitrary code execution and file read vulnerability exists in UberFire Framework version 0.3.x, which stems from the program failing to properly restrict paths. A remote...

6.8CVSS8.1AI score0.03101EPSS
Exploits0References1
NVD
NVD
added 2015/02/20 4:59 p.m.24 views

CVE-2014-8114

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...

6.8CVSS7.4AI score0.03101EPSS
Exploits0References4
CVE
CVE
added 2015/02/20 4:0 p.m.55 views

CVE-2014-8114

The CVE-2014-8114 entry affects the UberFire Framework 0.3.x and is caused by inadequate path restriction in the framework’s FileUploadServlet/FileDownloadServlet handling. This leads to two disclosed risks: (1) remote code execution by uploading crafted content to FileUploadServlet and (2) arbit...

6.8CVSS7.6AI score0.03101EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2013/07/18 12:51 p.m.20 views

CVE-2013-3426

The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810...

5CVSS6.6AI score0.01187EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2011/10/11 12:0 a.m.19 views

Microsoft Windows Multiple COM Binary Planting Vulnerabilities (MS11-076; CVE-2011-1991; CVE-2011-2009)

The vulnerabilities are due to the way Windows COM servers improperly restrict the paths used when loading external libraries. A remote attacker may exploit these vulnerabilities by enticing an unsuspecting user to open a specially crafted file from a WebDAV or an SMB shareSuccessful exploitation...

9.3CVSS7.4AI score0.12123EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.28 views

Debian Security Advisory DSA 459-1 (kdelibs, kdelibs-crypto)

The remote host is missing an update to kdelibs, kdelibs-crypto announced via advisory DSA 459-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

7.5CVSS7AI score0.04409EPSS
Exploits1References1
NVD
NVD
added 2006/12/10 8:28 p.m.27 views

CVE-2006-6383

PHP 5.2.0 and 4.4 allows local users to bypass safemode and openbasedir restrictions via a malicious path and a null byte before a ";" in a sessionsavepath argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.savepath...

4.6CVSS6AI score0.01087EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2004/11/16 12:0 a.m.4 views

PT-2004-1119 · Unarj · Unarj

Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...

5CVSS6.2AI score0.02737EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.24 views

Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:022)

Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory : 'The cookie specifications detail a path argument that can be used ...

7.5CVSS5.5AI score0.04409EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2004/03/10 12:0 a.m.27 views

Apple Safari 1.x - Cookie Directory Traversal

source: https://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded URI content, this may make it possible for an...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.53 views

eeye.web.interfaces.txt

Date: Wed, 26 May 1999 06:58:27 -0000 From: Marc To: [email protected] Subject: Multiple Web Interface Security Holes Multiple Web Interface Security Holes Systems Affected CMail 2.3 FTGate 2,1,2,1 NTMail 4.20 Release Date May 26, 1999 Advisory Code AD05261999 Description: The following holes...

7.4AI score
Exploits0
Rows per page
Query Builder