Смотрите также связанные темы 03.02.2018 2009-02-02 - [slackware-security] xdg-utils (SSA:2009-033-01) -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1[slackware-security] xdg-utils (SSA:2009-033-01)New xdg-utils packages are available for Slackware 12.2 and -current tofix security issues. Applications that use /etc/mailcap could be trickedinto running an arbitrary script through xdg-open, and a separate flaw inxdg-open could allow the execution of arbitrary commands embedded in untrustedinput provided to xdg-open.More details about the issues may be found in the CommonVulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename...
14.02.2018 AIX at information disclosure vulnerability A local attacker may exploit this error to read any file on the system because the command is setuid root.
13.03.2018 Подключение произвольного файла в работу уязвимого файла на локальном сервере с помощью временных загрузочных файлов при загрузке по стандарту rfc1867 Статья описывает способ использования уязвимости LFI (Local File Inclusion): подключение произвольного PHP-скрипта на локальном сервере.
27.02.2018 CVE-2016-2521 Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
14.08.2018 CVE-2008-3699 The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
13.03.2018 CVE-2016-1963 The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
19.08.2018 CVE-2008-3707 Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (...
27.08.2018 CVE-2008-3851 Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a .. (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.html; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.html. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
23.11.2018 Security Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code A security vulnerability in the GNU Image Manipulation Program (GIMP) may allow a remote unprivileged user to cause a Denial of Service (DoS) to the GIMP application or execute arbitrary code with the privileges of a local user when that local user loads an XCF image file supplied by an untrusted source.
11.09.2018 [ MDVSA-2008:190 ] postfix A vulnerability in Postfix 2.4 and later was discovered, when
running on Linux kernel 2.6, where a local user could cause a denial
of service due to Postfix leaking the epoll file descriptor when
executing non-Postfix commands (CVE-2008-3889).
|