1646 matches found
RiteCMS 3.1.0 Shell Upload / Remote Code Execution
Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...
RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...
CVE-2021-21894
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite and arbitrary file disclosure. An attacker can make an authenticated HTTP request to trigger this...
CVE-2021-21879
A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Directory traversal
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite and arbitrary file disclosure. An attacker can make an authenticated HTTP request to trigger this...
Directory traversal
A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Path Traversal Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to a path traversal vulnerability caused by a lack of filtering and escaping of path parameters by the Web Manager file upload function. An...
Lantronix PremierWave 2050 Web Manager File Upload directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
Lantronix PremierWave 2050 Web Manager FsTFtp directory traversal vulnerability
Summary A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary file overwrite and arbitrary file disclosure. An attacker can make an authenticated HTTP request to...
A vulnerability in the command-line interface (CLI) of Cisco SD-WAN firmware allows an attacker to escalate privileges and overwrite arbitrary files.
The vulnerability in the command-line interface (CLI) of Cisco SD-WAN firmware is due to insufficient verification of executed commands. Exploiting this vulnerability can allow an attacker to escalate privileges and overwrite arbitrary files...
CVE-2021-25509
A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite arbitrary file in the Windows known folders...
UBUNTU-CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
A vulnerability in the Moxa MXView network management software stems from missing validation of pathnames against a restricted directory. This allows attackers to create or overwrite arbitrary files.
The vulnerability in the Moxa MXView network management software is due to deficiencies in validating pathnames against a restricted directory. Exploiting this vulnerability allows a remote attacker to create or overwrite arbitrary files...
CVE-2021-28613 Adobe Creative Cloud Arbitrary File Overwrite Vulnerability
Adobe Creative Cloud Desktop Application version 5.4 and earlier is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Exploitation of this issue requires local access, administrator privileges and user interaction...
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This i...
Oracle Linux 8 : nodejs:14 (ELSA-2021-3666)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3666 advisory. - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves...
CVE-2021-1612
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...
CVE-2021-1612 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...