2534 matches found
FreeBSD : qemu -- unchecked block read/write vulnerability (9cfbca7f-efb7-11dc-be01-0211060005df)
Ian Jackson reports on the debian-security mailing list: When a block device read or write request is made by the guest, nothing checks that the request is within the range supported by the backend, but the code in the backend typically assumes that the request is sensible. Depending on the...
[SECURITY] Fedora 8 Update: scponly-4.6-10.fc8
scponly is an alternative 'shell' for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution privileges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications...
CVE-2002-2353
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests...
CVE-2007-5633
CVE-2007-5633 is a local-elevation vulnerability in SpeedFan (speedfan.sys) used on Windows Vista x64. The issue allows a local attacker to read/write MSRs and load unsigned drivers via IOCTL_RDMSR 0x9C402438 and IOCTL_WRMSR 0x9C40243C to \Device\speedfan (MSR_LSTAR shown in examples). The provid...
CVE-2007-5210
Arbor Networks Peakflow SP is affected. The issue allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors, affecting releases earlier than 3.5.1 patch 14 and 3.6.x prior to 3.6.1 patch 5. Root cause details are not fully disclosed in...
[SECURITY] Fedora 7 Update: ntfs-3g-1.913-2.fc7
The ntfs-3g driver is an open source, GPL licensed, third generation Linux NTFS driver. It provides full read-write access to NTFS, excluding access to encrypted files, writing compressed files, changing file ownership, access right. Technically it’s based on and a major improvement to th...
Mandrake Linux Security Advisory : lha (MDKSA-2007:117)
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. Updated packages have been patched to prevent this issue.
Information disclosure
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information...
CVE-2007-2760
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information...
CVE-2007-2760
The CVE concerns Adempiere prior to version 3.1.6. The canUpdate function in model/MRole.java fails to properly validate user roles, enabling remote authenticated read-only users to obtain read-write privileges. This behavioral flaw is the root cause described across sources, resulting in a high-...
TFTP Server TFTPDWin 0.4.2 - Directory Traversal
source: https://www.securityfocus.com/bid/23937/info TFTP Server TFTPDWIN is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to gain read/write access to privileged directories and files. TFT...
CVE-2007-0657
Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command...
CVE-2006-5382
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned...
CVE-2006-5382
The CVE-2006-5382 entry affects 3Com Switch SS3 4400 switches, specifically firmware 5.11, 6.00, 6.10 and earlier. It affects confidentiality, integrity and availability by allowing remote attackers to read the SNMP Read-Write Community string and perform unauthorized actions via normally restrict...
NTFS do a Ghost(break read-write privileges)-vulnerability warning-the black bar safety net
This machine is loaded with Windows 2000. Because of work, important information is put in C:\studio; the C drive is in NTFS format, with the following permissions set: Lostar (me): full control; Everyone: read-only. After one day, and found where the file being...
squirrelmail -- random variable overwrite vulnerability
The SquirrelMail developers report: A logged in user could overwrite random variables in compose.php, which might make it possible to read/write other users' preferences or attachments...
Directory traversal
Directory traversal vulnerability in PG Problem Editor module PGProblemEditor.pm in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory...
[SA20285] Assetman Unspecified Script Insertion Vulnerabilities
TITLE: Assetman Unspecified Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA20285 VERIFY ADVISORY: http://secunia.com/advisories/20285/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Assetman 2.x http://secunia.com/product/10187/ DESCRIPTION: Nomenumbra...
[SA17748] Sun Java JRE Sandbox Security Bypass Vulnerabilities
TITLE: Sun Java JRE Sandbox Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA17748 VERIFY ADVISORY: http://secunia.com/advisories/17748/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Sun Java SDK 1.4.x http://secunia.com/product/1661/ Sun Java SDK 1.3.x...