CVE-2022-28964

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 build 21.11.6809.528 allows attackers to cause a Denial of Service DoS via a crafted DLL file...

CVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

CVE-2022-47042

MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do...

CVE-2022-40087

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function fileputcontents. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item...

CVE-2022-34109

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto, regardless of file type or size...

CVE-2022-34115

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...

CVE-2022-30060

ftcms =2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php...

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

CVE-2021-32825

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...

CVE-2021-27197

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page e.g., with...

CVE-2021-42133

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...

CVE-2021-37088

There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can write any content to any file...

CVE-2021-37128

HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file...

CVE-2021-39384

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java...

CVE-2021-32840

SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3...

CVE-2021-25511

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability...

CVE-2020-21480

An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2020-3762

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write...