5152 matches found
CVE-2021-42133
CVE-2021-42133 affects Ivanti Avalanche prior to 6.3.3. The vulnerability is an exposed dangerous function that, if an attacker can reach the Inforail Service, enables arbitrary file write. Red Hat and NVD entries mirror the same description; ZDI additionally notes a remote code execution path th...
CVE-2021-42133
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
Ivanti Avalanche Code Issue Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche that could be exploited by an attacker to perform arbitrary fil...
The vulnerability of the ECShop e-commerce center system, related to the failure to take measures to neutralize special elements used in SQL queries, allows a hacker to write arbitrary files.
The vulnerability of the ECShop e-commerce shopping center system lies in the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code by executing the admin/shophelp.php script with the id...
CVE-2021-38959
IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046...
Zoho ManageEngine ADAudit Plus Arbitrary File Write Vulnerability
Zoho ManageEngine ADAudit Plus is a web-based Active Directory change auditing and reporting solution. An arbitrary file write vulnerability exists in Zoho ManageEngine ADAudit Plus versions prior to 7006, which can be exploited by an attacker to write and execute arbitrary files on the system...
CVE-2021-42847
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
Zoho ManageEngine ADAudit Plus is a web-based Active Directory change auditing and reporting solution. An arbitrary file write vulnerability exists in Zoho ManageEngine ADAudit Plus versions prior to 7006, which can be exploited by an attacker to write and execute arbitrary files on the system...
PT-2021-23695 · Zoho · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus versions prior to 7006. Description: The issue allows attackers to write to and execute arbitrary files, potentially leading to unauthorized access and malicious activities. Recommendations: For versions prior to...
Jenkins Security Vulnerability
Jenkins is an open source automation server. It provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from multiple vulnerabilities in the file path filtering implementation o...
phpok Arbitrary File Write Vulnerability
phpok is an enterprise website system developed by a Shenzhen-based technology company using PHP and MySQL. An arbitrary file write vulnerability exists in the editsavef function in framework/admin/tplcontrol.php in phpok version 5.1. An attacker can exploit this vulnerability to wri...
Cisco Firepower Threat Defense Software CLI Arbitrary File Write (cisco-sa-ftd-file-write-SHVcmQVc)
According to its self-reported version, Cisco FTD Software is affected by a vulnerability due to incomplete validation of user input for a specific CLI command. An authenticated, local attacker can exploit this, by authenticating to the device with administrative privileges, in order to overwrite...
CVE-2020-18439
An issue was discovered in function editsavef in framework/admin/tplcontrol.php in qinggan phpok 5.1 that allows attackers to write arbitrary files or get a shell...
qinggan phpok Code Issue Vulnerability
phpok is an enterprise website system developed by a Shenzhen-based technology company using PHP and MySQL. An arbitrary file write vulnerability exists in the editsavef function in framework/admin/tplcontrol.php in phpok version 5.1. An attacker can exploit this vulnerability to wri...
CVE-2021-30833
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files...
PHP 7.3.x < 7.3.31 Arbitrary File Write
The version of PHP installed on the remote host is 7.3.x prior to 7.3.31. It is, therefore, affected by a vulnerability as referenced in the version 7.3.31 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...
PHP 7.4.x < 7.4.24 Arbitrary File Write
The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...