14 matches found
EUVD-1999-1536
Malware in sbrugna...
PT-2025-39390
Name of the Vulnerable Software and Affected Versions: iMonitor EAM version 9.6394 Description: The iMonitor EAM software version 9.6394 installs a system service, eamusbsrv64.exe, that operates with NT AUTHORITY\SYSTEM privileges. This service contains an insecure update mechanism that automaticall...
CVE-2009-4358
freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure permissions in its working directory (/var/db/freebsd-update by default), which allows local users to read copies of sensitive files after a (1) freebsd-update fetch (fetch) or (2) freebsd-update upgrade (upgrade) operation...
PT-2024-15709 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...
The vulnerability of the security mechanism for Cisco Secure Client (formerly Cisco AnyConnect Secure Mobility Client) endpoints for Windows operating systems arises from a flaw in access control related to the temporary directory created during updates. This vulnerability allows attackers to escalate their privileges.
The vulnerability of the Cisco Secure Client (formerly Cisco AnyConnect Secure Mobility Client) security solution for Windows operating systems is related to deficiencies in access control for the temporary directory created during updates. Exploiting this vulnerability can allow attackers to...
MGASA-2022-0271 Updated firefox packages fix security vulnerability
When visiting directory listings for chrome:// URLs as source text, some parameters were reflected (CVE-2022-36318). When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed (CVE-2022-36319)...
Debian DLA-2622-1 : python-django security update
It was discovered that there was a potential directory traversal issue in Django, a Python-based web development framework. The vulnerability could have been exploited by maliciously crafted filenames. However, the upload handlers built into Django itself were not affected. For Debian 9 'Stretch'...
SUSE-SU-2020:3016-1 Security update for python-pip
This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url() (bsc#1176262)...
Avast Secure Browser Local Elevation of Privilege Vulnerability
Avast Secure Browser is a new browser built for privacy. A security vulnerability exists in Avast Secure Browser version 76.0.1659.101 that stems from an insecure ACL set by the AvastBrowserUpdate.exe file. The vulnerability can be exploited by creating a hard link named Update.ini in the...
openSUSE: Security Advisory for hiawatha (openSUSE-SU-2019:0294-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Low: automake19
Issue Overview: It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck"...
PT-2013-1865 · Specview · Specview
Name of the Vulnerable Software and Affected Versions: SpecView versions 2.5 build 853 and earlier Description: A directory traversal issue in the web server allows remote attackers to read arbitrary files via a series of dots in a URI. Recommendations: For versions 2.5 build 853 and earlier,...
[SECURITY] [DSA 499-1] New rsync packages fix directory traversal bug
Debian Security Advisory DSA 499-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 1st, 2004 http://www.debian.org/security/faq -...
CVE-1999-1555
Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service Pack 2 creates an update directory with "EVERYONE FULL CONTROL" permissions, which allows local users to cause Inoculan's antivirus update feature to install a Trojan horse dll...