5152 matches found

Packet Storm
added 2021/08/17 12:0 a.m. (591 views)

Lucee Administrator imgProcess.cfm Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...

9.8 CVSS, 0.7 AI score, 0.89189 EPSS
Exploits 5
NVD
added 2021/08/16 7:15 p.m. (10 views)

CVE-2021-32825

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...

9.1 CVSS, 0.00918 EPSS
Exploits 1, References 3
OSV
added 2021/08/16 7:15 p.m. (16 views)

CVE-2021-32825

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...

9.1 CVSS, 6.9 AI score
Exploits 0, References 3
Prion
added 2021/08/16 7:15 p.m. (14 views)

Design/Logic Flaw

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...

5.5 CVSS, 8.9 AI score, 0.00918 EPSS
Exploits 1, References 3, Affected Software 1
CVE
added 2021/08/16 7:0 p.m. (53 views)

CVE-2021-32825

CVE-2021-32825 pertains to bblfshd, an open-source self-hosted server for source code parsing. The vulnerability, a zipslip flaw in the unpacking routine, arises from unsafe handling of symbolic links, allowing an attacker to read or write outside the designated target folder. Impact can include ...

9.1 CVSS, 6.4 AI score, 0.00918 EPSS
Exploits 1, References 3, Affected Software 1
GitLab Advisory Database
added 2021/08/16 12:0 a.m. (17 views)

Path Traversal

bblfshd is an open source self-hosted server for source code parsing. In bblfshd there is a zipslip vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may le...

9.1 CVSS, 1.8 AI score, 0.00918 EPSS
Exploits 1, References 1, Affected Software 1
CNNVD
added 2021/08/16 12:0 a.m. (1 view)

bblfshd Link Following Vulnerability

bblfshd is a cli tool for controlling installed drivers and querying the status of daemons. A link following vulnerability exists in bblfshd, which stems from the incorrect handling of symbolic links during the unpacking process of the product, and can be exploited by an attacker to write a malicious...

9.1 CVSS, 8.3 AI score, 0.00918 EPSS
Exploits 1, References 4
CNVD
added 2021/08/12 12:0 a.m. (19 views)

Foxit Reader and Foxit PhantomPDF Arbitrary File Write Vulnerability

Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. An arbitrary file write vulnerability exists in Foxit Reader versions prior to 10.1.4 and PhantomPDF versions prior to 10.1.4, which stems from a failure to validate the CombineFiles pathname and can be...

9.8 CVSS, 7.1 AI score, 0.01117 EPSS
Exploits 0, References 1
OSV
added 2021/08/11 10:15 p.m. (3 views)

CVE-2021-38565

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm...

7.5 CVSS, 5.9 AI score
Exploits 0, References 1
OSV
added 2021/08/11 10:15 p.m. (3 views)

CVE-2021-38572

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated...

9.8 CVSS, 7.4 AI score
Exploits 0, References 1
NVD
added 2021/08/11 10:15 p.m. (16 views)

CVE-2021-38565

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm...

7.5 CVSS, 0.00848 EPSS
Exploits 0, References 1
CNNVD
added 2021/08/11 12:0 a.m. (4 views)

Foxit Reader and Foxit PhantomPDF Security Vulnerability

Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in Foxit Reader and PhantomPDF versions prior to 10.1.4, which stems from the application allowing arbitrary files to be written because the extractPages pathname is not...

9.8 CVSS, 8.3 AI score, 0.01117 EPSS
Exploits 0, References 2
CNNVD
added 2021/08/11 12:0 a.m. (2 views)

Foxit Reader and Foxit PhantomPDF Security Vulnerability

Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. An arbitrary file write vulnerability exists in Foxit Reader versions prior to 10.1.4 and PhantomPDF versions prior to 10.1.4, which stems from a failure to validate the CombineFiles pathname and can be...

9.8 CVSS, 5.8 AI score, 0.01117 EPSS
Exploits 0, References 2
OSV
added 2021/08/10 5:15 p.m. (2 views)

CVE-2020-23171

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file...

5.5 CVSS, 5.9 AI score
Exploits 0, References 1
Zero Day Initiative
added 2021/07/22 12:0 a.m. (99 views)

(Pwn2Own) Microsoft Exchange Server OAB Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the OAB service. T...

8.8 CVSS, 5.5 AI score, 0.04873 EPSS
Exploits 0, References 1
Zero Day Initiative
added 2021/07/19 12:0 a.m. (170 views)

(Pwn2Own) Microsoft Exchange Server Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of...

8.8 CVSS, 3.2 AI score, 0.99782 EPSS
Exploits 11, References 1
CNNVD
added 2021/07/14 12:0 a.m. (3 views)

Elements-IT HTTP Commander Path Traversal Vulnerability

Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT Germany. It provides basic functionality for working with files (creating, copying, deleting, etc.) and many other additional features, such as integration with cloud services, online editing of Offic...

6.5 CVSS, 6.8 AI score, 0.01705 EPSS
Exploits 1, References 2
Snyk
added 2021/07/06 2:45 p.m. (1 view)

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: baserproject/basercms is a content management system based on CakePHP. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). In the admin panel of basercms, an administrator with privileges to perform maintenance operations has access ...

9.1 CVSS, 7.7 AI score, 0.02174 EPSS
Exploits 0, References 2
Tenable Nessus
added 2021/07/02 12:0 a.m. (76 views)

IBM DB2 11.5 < 11.5.6 FP0 Multiple Vulnerabilities (UNIX)

According to its version, the installation of IBM DB2 running on the remote host is 11.5 prior to 11.5.6 FP0. It is, therefore, affected by multiple vulnerabilities including the following: - IBM DB2 is affected by a flaw which could allow an unauthenticated, local user to access and change...

8.1 CVSS, 6.7 AI score, 0.0104 EPSS
Exploits 0, References 5
Veracode
added 2021/06/23 7:1 p.m. (22 views)

Arbitrary File Write

Dovecot is vulnerable to arbitrary file write. It does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk...

7.5 CVSS, 2 AI score, 0.0047 EPSS
Exploits 0, References 8, Affected Software 1