21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-13942

Malware in sbrugna...

CVSS 6.2 | AI score 6 | EPSS 0.00287
Exploits: 0 | References: 3

Tenable Nessus
added 2024/06/03 12:0 a.m. | 14 views

RHEL 5 : libuser (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libuser: TOCTOU race conditions by copying and removing directory trees (CVE-2012-5630) - libuser: Security...

CVSS 6.3 | AI score 6.5 | EPSS 0.06853
Exploits: 10 | References: 4

OSV
added 2023/03/30 8:15 p.m. | 31 views

CVE-2023-27534

A path traversal vulnerability in the curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

CVSS 8.8 | AI score 7.7 | EPSS 0.02195
Exploits: 1 | References: 5

0day.today
added 2022/09/21 12:0 a.m. | 520 views

WiFi Mouse 1.8.3.4 - Remote Code Execution Exploit

Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution RCE Author: Febin Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.4 Tested on: Windows 10 !/bin/bash printf " WiFiMouse / MouseServer 1.8.3.4 Exploit by FEBIN " printf " Enter the Target IP...

AI score 7.4
Exploits: 0

Veracode
added 2022/01/19 11:5 a.m. | 12 views

Path Traversal

onionsharecli is vulnerable to path traversal. The vulnerability exists in common.py, which does not properly validate access permissions, allowing an attacker to access sensitive information in the user's home folder...

CVSS 6.5 | AI score 4.4 | EPSS 0.01129
Exploits: 0 | References: 4 | Affected Software: 2

NVD
added 2020/09/02 5:15 p.m. | 11 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

CVSS 4.3 | AI score 3.5 | EPSS 0.01496
Exploits: 0 | References: 11

Cvelist
added 2020/09/02 4:22 p.m. | 17 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

AI score 3.4 | EPSS 0.01496
Exploits: 0 | References: 11

AlpineLinux
added 2020/09/02 4:22 p.m. | 70 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

CVSS 4.3 | AI score 3.6 | EPSS 0.01496
Exploits: 0

UbuntuCve
added 2020/09/01 12:0 a.m. | 27 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

CVSS 4.3 | AI score 5.9 | EPSS 0.01496
Exploits: 0 | References: 2

Mageia
added 2020/08/18 5:41 p.m. | 23 views

Updated ark packages fix security vulnerability

A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction (CVE-2020-16116)...

CVSS 4.3 | AI score 1.4 | EPSS 0.01706
Exploits: 0 | References: 2

Tenable Nessus
added 2020/08/10 12:0 a.m. | 22 views

GLSA-202008-03 : Ark: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-202008-03 (Ark: Arbitrary code execution). A maliciously crafted archive with ../ in the file paths could install files anywhere in the user's home directory upon extraction. Impact: A remote attacker could entice a user to open a...

CVSS 4.3 | AI score 5.4 | EPSS 0.01706
Exploits: 0 | References: 2

Prion
added 2019/12/30 4:15 p.m. | 10 views

Design/Logic Flaw

IBM Watson Studio Local 1.2.3 stores key files in the user's home directory which could be obtained by another local user. IBM X-Force ID: 161413...

CVSS 2.1 | AI score 5.2 | EPSS 0.00287
Exploits: 0 | References: 2 | Affected Software: 1

Debian
added 2019/01/17 12:34 p.m. | 80 views

[SECURITY] [DLA 1635-1] sssd security update

Package: sssd; Version: 1.11.7-3+deb8u2; CVE ID: CVE-2019-3811; Debian Bug: 919051. A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of the empty string (no home directory). This could impact services that...

CVSS 5.2 | AI score 6 | EPSS 0.00696
Exploits: 0

securityvulns
added 2015/05/12 12:0 a.m. | 47 views

[SECURITY] [DSA 3218-1] wesnoth-1.10 security update

Debian Security Advisory DSA-3218-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 10, 2015 http://www.debian.org/security/faq ...

CVSS 5 | AI score 2.1 | EPSS 0.02322
Exploits: 0

Tenable Nessus
added 2015/04/13 12:0 a.m. | 21 views

Debian DSA-3218-1 : wesnoth-1.10 - security update

Ignacio R. Morelle discovered that missing path restrictions in the 'Battle of Wesnoth' game could result in the disclosure of arbitrary files in the user's home directory if malicious campaigns/maps are loaded...

CVSS 5 | AI score 5.2 | EPSS 0.02322
Exploits: 0 | References: 3

OpenVAS
added 2015/04/09 12:0 a.m. | 18 views

Debian: Security Advisory (DSA-3218-1)

The remote host is missing an update for the Debian...

CVSS 5 | AI score 6.5 | EPSS 0.02322
Exploits: 0 | References: 3

Cvelist
added 2014/04/29 10:0 a.m. | 21 views

CVE-2014-1841

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter...

AI score 6.6 | EPSS 0.04851
Exploits: 4 | References: 4

UbuntuCve
added 2011/12/15 3:57 a.m. | 15 views

CVE-2011-4606

Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory...

CVSS 3.6 | AI score 6 | EPSS 0.00341
Exploits: 0 | References: 1

Prion
added 2011/12/15 3:57 a.m. | 11 views

Design/Logic Flaw

Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory...

CVSS 3.6 | AI score 6.7 | EPSS 0.00341
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2011/04/13 2:55 p.m. | 17 views

Default credentials

PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file...

CVSS 2.1 | AI score 6.6 | EPSS 0.00341
Exploits: 0 | References: 6 | Affected Software: 1