
1646 matches found

Packet Storm
added 2022/01/05 12:0 a.m., 370 views

RiteCMS 3.1.0 Shell Upload / Remote Code Execution

Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated; Date: 25/07/2021; Exploit Author: faisalfs10x (https://github.com/faisalfs10x); Vendor Homepage: https://ritecms.com/; Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip; Version: = 3.1.0...

0.1 AI score
Exploits: 0
Exploit DB
added 2022/01/05 12:0 a.m., 308 views

RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated; Date: 25/07/2021; Exploit Author: faisalfs10x (https://github.com/faisalfs10x); Vendor Homepage: https://ritecms.com/; Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip; Version: Browse...

7.4 AI score
Exploits: 0
NVD
added 2021/12/22 7:15 p.m., 12 views

CVE-2021-21894

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this...

9.1 CVSS, 0.02399 EPSS
Exploits: 1, References: 1
OSV
added 2021/12/22 7:15 p.m., 3 views

CVE-2021-21879

A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8 CVSS, 5.9 AI score, 0.03656 EPSS
Exploits: 1, References: 1
Prion
added 2021/12/22 7:15 p.m., 23 views

Directory traversal

A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this...

6.5 CVSS, 8.9 AI score, 0.02399 EPSS
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2021/12/22 7:15 p.m., 17 views

Directory traversal

A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9 CVSS, 8.6 AI score, 0.03656 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/12/22 6:6 p.m., 23 views

CVE-2021-21879

A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.9 CVSS, 8.8 AI score, 0.03656 EPSS
Exploits: 1, References: 1
CNNVD
added 2021/11/15 12:0 a.m., 6 views

Lantronix PremierWave 2050 path traversal vulnerability

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to a path traversal vulnerability caused by a lack of filtering and escaping of path parameters by the Web Manager file upload function. An...

9.9 CVSS, 5.8 AI score, 0.03656 EPSS
Exploits: 1, References: 3
Talos
added 2021/11/15 12:0 a.m., 33 views

Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

9.9 CVSS, 8.6 AI score, 0.03656 EPSS
Exploits: 1
Talos
added 2021/11/15 12:0 a.m., 57 views

Lantronix PremierWave 2050 Web Manager FsTFtp directory traversal vulnerability

Summary A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite and arbitrary file disclosure. An attacker can make an authenticated HTTP request to...

9.1 CVSS, 8 AI score, 0.02399 EPSS
Exploits: 2
BDU FSTEC
added 2021/11/11 12:0 a.m., 5 views

The vulnerability in the command-line interface (CLI) of Cisco SD-WAN microprogramming software allows a hacker to escalate their privileges and overwrite arbitrary files.

The vulnerability in the command-line interface (CLI) of Cisco SD-WAN microprogramming software is related to insufficient verification of the commands executed. Exploiting this vulnerability can allow an attacker to escalate their privileges and overwrite arbitrary files...

7.2 CVSS, 6.8 AI score, 0.00237 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2021/11/05 3:15 a.m., 13 views

CVE-2021-25509

A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite arbitrary file in the Windows known folders...

7.1 CVSS, 0.0022 EPSS
Exploits: 0, References: 1
OSV
added 2021/10/26 8:15 p.m., 2 views

UBUNTU-CVE-2019-3556

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...

8.1 CVSS, 6.1 AI score, 0.01731 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2021/10/13 12:0 a.m., 4 views

The vulnerability in the Moxa MXView network control software is due to a lack of checking of the path name of the restricted access directory. This allows attackers to create or overwrite arbitrary files.

The vulnerability in the Moxa MXView network control software is related to deficiencies in checking the path name of the restricted access directory. Exploiting this vulnerability allows a malicious actor to create or overwrite arbitrary files remotely...

7.8 CVSS, 8.1 AI score, 0.01551 EPSS
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2021/09/27 3:42 p.m., 34 views

CVE-2021-28613 Adobe Creative Cloud Arbitrary File Overwrite Vulnerability

Adobe Creative Cloud Desktop Application version 5.4 and earlier is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction...

7.4 CVSS, 7.3 AI score, 0.00472 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2021/09/27 7:40 a.m., 5 views

nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite

The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This i...

8.2 CVSS, 7.4 AI score, 0.15014 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2021/09/27 12:0 a.m., 41 views

Oracle Linux 8 : nodejs:14 (ELSA-2021-3666)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3666 advisory. - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves...

9.8 CVSS, 7.1 AI score, 0.37286 EPSS
Exploits: 7, References: 9
OSV
added 2021/09/23 3:15 a.m., 2 views

CVE-2021-1612

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...

7.1 CVSS, 7.2 AI score, 0.00242 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2021/09/23 2:30 a.m., 7 views

CVE-2021-1612 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...

5.5 CVSS, 6.6 AI score, 0.00242 EPSS
Exploits: 0, References: 1
Cvelist
added 2021/09/23 2:30 a.m., 19 views

CVE-2021-1612 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...

5.5 CVSS, 6.9 AI score, 0.00242 EPSS
Exploits: 0, References: 1