Смотрите также связанные темы
10.09.2018 CVE-2008-4018
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
03.02.2018 2009-02-02 - [slackware-security] xdg-utils (SSA:2009-033-01)
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1[slackware-security] xdg-utils (SSA:2009-033-01)New xdg-utils packages are available for Slackware 12.2 and -current tofix security issues. Applications that use /etc/mailcap could be trickedinto running an arbitrary script through xdg-open, and a separate flaw inxdg-open could allow the execution of arbitrary commands embedded in untrustedinput provided to xdg-open.More details about the issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename...
14.02.2018 AIX at information disclosure vulnerability
A local attacker may exploit this error to read any file on the system because the command is setuid root.
28.04.2018 HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1SUPPORT COMMUNICATION - SECURITY BULLETINDocument ID: c01723303Version: 1HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary CodeNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.Release Date: 2009-04-27Last Updated: 2009-04-27Potential Security Impact: Remote execution of arbitrary codeSource: Hewlett-Packard Company, HP Software Security Response TeamVULNERABILITY SUMMARYA potential vulnerability has been identified with HP OpenView Network Node Man...
13.03.2018 Подключение произвольного файла в работу уязвимого файла на локальном сервере с помощью временных загрузочных файлов при загрузке по стандарту rfc1867
Статья описывает способ использования уязвимости LFI (Local File Inclusion): подключение произвольного PHP-скрипта на локальном сервере.
27.02.2018 CVE-2016-2521
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
13.03.2018 CVE-2016-1963
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
14.08.2018 CVE-2008-3699
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
19.08.2018 CVE-2008-3707
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (...
27.08.2018 CVE-2008-3851
Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a .. (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.html; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.html. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
|
