An arbitrary file upload vulnerability exists in the official Nmap Http-domino-enum-passwords NSE script.
3f3f0fed34e91a5d44d190bceb8508b03d02326855de030750d04807d7eb4044MobileCartly version 1.0 suffers from an arbitrary file deletion vulnerability.
3e0d3cff02b70b9d850e0e20a7bb38e04d1ab43ffeeccb1ae21617853e077b98Red Hat Security Advisory 2012-1149-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the "/etc/nsswitch.conf" file during the upgrade or removal of the sudo package. This update also fixes the following bugs:
beba8e6ed13cfb26fb7c7c1854aef7f93f140ed6cc736059b657a68db78e6e8fMetasploit plugin 'pcap_log' is vulnerable to an arbitrary file overwrite bug which can further be leveraged to insert user-controlled data resulting in potential escalation of privileges. Metasploit module included.
a3608689ff5f6a56679189ea8149e0e805de1c706fb7d3fedff592abe11d622bRed Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
fe71e26fd75c9403f91014baf93c4a6d167a5d5aef0be73d9f6c0fe60b8a1865Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
57bee9f577390f47d09269171763d581bac37a4751fb81fddb955d4db237ace9Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
ad1e0d74169944968d087c38eeee1c4b790cf754e68c22a60bc2f608214be628Red Hat Security Advisory 2012-0939-04 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.
056bbb8f9c917f5519bbd54df7dac67565efe3792cceacb35765ad54e8033a0fMega File Manager version 1.0 suffers from an arbitrary file download vulnerability.
82d8be8c8a197aff6162ca8c6654d71c3bbc7be6d45c8e286a8be96f62d01204Tiny Server version 1.1.5 suffers from an arbitrary file disclosure vulnerability.
1c1ae4d4e1d6b30fb54ae4704d973d8f0bfbac327febdb2a7bc68850d12b520aTVersity versions 1.9.7 and below suffer from an arbitrary file downloading vulnerability.
0f98c43eb0ac7b40b724aa6931aae34c0f0bc9dd08645febfe3d9acc825d95a2SMF Portal version 1.1.16 fckeditor suffers from an arbitrary file upload vulnerability.
04babd577f16ab3b3226783c0614188c3210538cd0494f5a7fa636ca41c2f6f2This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.
0ea22872b6b51bf5249b0a70a12ebe97e3272ad611f24a936335036486484018Muster Render Farm Management System version 6.1.6 suffer from an arbitrary file download issue due to a directory traversal vulnerability. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. The advisory in this archive includes exploitation details.
4c7c5caf872d4ace08b11d687019c73a366d5da96d3cb3fa5d8590c61b7d691aBroadWin WebAccess SCADA/HMI client remote code execution exploit that takes advantage of an arbitrary file creation vulnerability in bwocxrun.ocx.
f079fd3dc3cf78363b594fd11ee0b79d8882cd62845270eb0046830691d26fd5Xorg versions 1.11.2 and below suffer from a permission change vulnerability that allows a local user the ability to set an arbitrary file to 444.
9f6009b727030f6089ce212fb9833092feb2cd7c92c9d65e65e274472ecb43ceThis Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.
c3cc069840b33d66dc0f5eb936fd86d7c0e81a9ca3077cb540669d0523d716ebTajan System suffers from an arbitrary file download vulnerability.
e2df46920e2605d7c30d2221e22d7a9ff4df2e1b0b109c229e37d4fccc7cfee2iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.
63d8ec3f4d364c44e15e1df3ae54eb79901968d0e854a24fdc9ff42dc237090bWebsiteBaker versions 2.8.1 and below suffer from an arbitrary file upload vulnerability.
860ce23a122b9c64b307c8914a6362127a7b2825b85474a6ad123edb69c2d7bbMyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.
d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330fThe Joomla Appointment Booking Pro component suffers from an arbitrary file reading vulnerability.
3919153d2e40600bef5a3b3385d421da5a7351ac182a07274b851a53bcbdc041HP OpenView Communication Broker (ovbbccb.exe versions 11.0.43.0 and below) suffer from an arbitrary file deletion vulnerability.
986bc67bf92ec6f9f779b02911e1349819b414d7082a4622ce743f01160246c4HP OpenView Performance Agent (ovbbccb.exe versions 6.20.50.0 and below) suffer from an arbitrary file deletion vulnerability.
7d59d753152e867af2baa1fa2866cd3a57d33f78ac76a3387fc7da8a45ecbf4bKofax version 2.5.0.933 suffers from an arbitrary file overwrite vulnerability.
3281c8b5dece97ac0a85e385b7de5c6f12504838d5c29db6be1e5e33f9c43352ZyXEL ZyWALL USG appliances suffer from an arbitrary file read/write vulnerability that allows for system compromise.
a79275261085696d0102bdf6c611df7de8b6388dbd1c16f1dcfe29f1632051fc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed