5152 matches found
Dixell XWEB 500 - Arbitrary File Write Vulnerability
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
Path Traversal in konloch/bytecode-viewer
Description the.bytecode.club:Bytecode-Viewer is a lightweight user-friendly Java/Android Bytecode Viewer, Decompiler & More. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted...
Dixell XWEB 500 Arbitrary File Write
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
Dixell XWEB 500 - Arbitrary File Write
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
CVE-2021-37128
HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may write any file...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview zip-local is a to zip and unzip local directories Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip), which can lead to an extraction of a crafted file outside the intended extraction directory. PoC: js var zipper = require('zip-local');...
Design/Logic Flaw
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...
CVE-2021-23772 Arbitrary File Write
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...
Arbitrary File Write
Overview github.com/kataras/iris is a fast, simple yet fully featured and very efficient web framework for Go. Affected versions of this package are vulnerable to Arbitrary File Write. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to...
Arbitrary File Write
Overview github.com/kataras/iris/v12 is a fast, simple yet fully featured and very efficient web framework for Go. Affected versions of this package are vulnerable to Arbitrary File Write. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write t...
PT-2021-7988 · Emerson · Emerson Dixell Xweb-500
Name of the Vulnerable Software and Affected Versions: Emerson Dixell XWEB-500 affected versions not specified Description: The issue is related to an arbitrary file write vulnerability in the /cgi-bin/logo extra upload.cgi, /cgi-bin/cal save.cgi, and /cgi-bin/lo utils.cgi API endpoints. This...
Adobe Connect Cross-Site Request Forgery Vulnerability
Adobe Connect is a software used to create meeting environments by Adobe. Adobe Connect suffers from a cross-site request forgery vulnerability that stems from the software's lack of token authentication for cross-site request forgery, which can be exploited by an attacker to trigger an arbitrary...
OpenOLAT Path Traversal Vulnerability
OpenOLAT is a web-based e-learning platform for teaching, learning, assessing and communicating with an LMS, a learning management system. A security vulnerability exists in versions of OpenOlat prior to 15.5.12 and 16.0.5, which stems from the fact that by providing a file name containing a...
CVE-2021-25511
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability...
CVE-2021-25511
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability...
Samsung SMR Path Traversal Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Dec-2021 Release 1, which can be exploited by an attacker to write arbitrary files via a path traversal vulnerabili...
CVE-2021-42133
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
CVE-2021-42133
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
Design/Logic Flaw
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
EUVD-2021-29118
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...