CVE-2020-8983

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or...

CVE-2020-19891

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $POST'updatefile' is filename and $POST'tinymcecontent' is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...

CVE-2020-6008

LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution...

CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

CVE-2020-5131

SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier...

CVE-2020-27466

An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...

CVE-2020-25289

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory which has weak permissions...

CVE-2020-5825

Symantec Endpoint Protection SEP and Symantec Endpoint Protection Small Business Edition SEP SBE, prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

CVE-2017-17551

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

CVE-2019-0214

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file...

CVE-2019-9611

An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...

CVE-2019-3970

Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data direct...

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

CVE-2010-3101

Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." dot dot backslash in a filename...

CVE-2013-3574

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath aka mount parameter...

CVE-2025-1712 Arbitrary file write with vcrtrace

Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...

CVE-2025-1712 Arbitrary file write with vcrtrace

Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...

CVE-2025-1712

CVE-2025-1712 affects Checkmk: argument/injection in a special agent configuration across versions <2.4.0p1, <2.3.0p32,

setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

Summary A path traversal vulnerability in PackageIndex was fixed in setuptools version 78.1.1 Details def downloadurlself, url, tmpdir: Determine download filename name, fragment = egginfoforurlurl if name: while '..' in name: name = name.replace'..', '.'.replace'\', '' else: name = "downloaded"...

GHSA-5RJG-FVGR-3XXF setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

Summary A path traversal vulnerability in PackageIndex was fixed in setuptools version 78.1.1 Details def downloadurlself, url, tmpdir: Determine download filename name, fragment = egginfoforurlurl if name: while '..' in name: name = name.replace'..', '.'.replace'\', '' else: name = "downloaded"...