5152 matches found
CVE-2021-34761 Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability
A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete...
GHSA-4365-FHM5-QCRX Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
Impact: An Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a maliciously crafted archive file. Patches: The vulnerability is fixed ...
Arbitrary File Write
rasa is vulnerable to arbitrary file write. A malicious user is able to cause arbitrary file writes within specific directories via a trained model which contains a crafted model.tar.gz file...
Zoom Client < 4.6.12 Multiple Vulnerabilities (Jun 2020)
The Zoom Client is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:zoom:zoom"; if(description)...
in mostafa-samir/zip-local
Description: zip-local is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). Proof of Concept: // PoC.js var zipper = require('zip-local'); zipper.unzip("zipslip.zip", function(error, unzipped) { if(!error) { // extract to the current working directory unzipped.save(null, function() { }); var...
PT-2021-7669 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier Adobe ColdFusion versions Update 4 and earlier Description: The issue exists due to improper limitation of a pathname to a restricted directory, allowing for path traversal. This could result in...
VulnCheck KEV: CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying photon operating system...
Sophos HitmanPro Security Vulnerability
Sophos HitmanPro is an excellent multi-engine cloud anti-virus scanner from Sophos UK. Sophos HitmanPro suffers from a security vulnerability that stems from a lack of authentication, access control, permission management and other security measures in the network system or product, which could be...
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...
CVE-2020-21431
HongCMS v3.0 contains an access control error vulnerability in the /admin/index.php/template/edit page, leading to arbitrary file reads and writes. The issue stems from missing/incorrect permission checks on that endpoint, enabling an attacker to read or write arbitrary files. Public references c...
USN-5102-1: Mercurial vulnerabilities
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. (CVE-2019-3902) It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a...
CVE-2021-40324
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...
PYSEC-2021-374
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...
UBUNTU-CVE-2021-40324
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...
CVE-2021-40324
CVE-2021-40324 affects Cobbler prior to 3.3.0, where an input-filtering deficiency in upload_log_data enables arbitrary file write operations. Public sources (Ubuntu USN-6475-1, openSUSE/SUSE advisories) describe remote code execution/read/write via the Cobbler XML-RPC interface tied to these CVE...
HongCMS Access Control Error Vulnerability
HongCMS is an open source lightweight content management system (CMS). An access control error vulnerability exists in HongCMS, which stems from the product's failure to add valid permission controls to the /admin/index.php/template/edit page. An attacker could cause arbitrary file reads and writes...
LCDS LAquis SCADA Path Traversal Vulnerability
LCDS LAquis SCADA is a SCADA (Supervisory Control and Data Acquisition) system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment that has communication technology. LCDS LAquis SCADA has a security vulnerability that allows an attacker t...
Cobbler Code Issue Vulnerability
Cobbler is a network installation server suite, mainly used to quickly set up a Linux network installation environment. Cobbler versions prior to 3.3.0 contain an arbitrary file write vulnerability, which originates from the system not effectively filtering user...