5150 matches found

0day.today
added 2021/05/21 12:0 a.m., 172 views

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q This module scan for...

9.8 CVSS, 0.99999 EPSS
Exploits: 65

BDU FSTEC
added 2021/05/20 12:0 a.m., 1 view

Vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are caused by privilege management errors, allowing attackers to write arbitrary files to the device’s file system.

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are due to privilege management errors. Exploiting these vulnerabilities can allow an attacker to remotely write arbitrary files...

10 CVSS, 7.9 AI score, 0.03373 EPSS
Exploits: 0, References: 3

CNNVD
added 2021/05/19 12:0 a.m., 2 views

Cisco Multiple Products Security Vulnerability

Cisco Prime Infrastructure is a software application from Cisco USA. It is used to simplify the management of wireless and wired networks. A security vulnerability exists in several Cisco products, which can be exploited by an attacker to identify directories and write arbitrary files to the file...

4.4 CVSS, 5.2 AI score, 0.00212 EPSS
Exploits: 0, References: 5

OSV
added 2021/05/18 6:28 p.m., 22 views

GHSA-75QF-WGFJ-V652 github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions up to and including version 0.7.0 of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...

7.5 CVSS, 7.4 AI score, 0.0183 EPSS
Exploits: 1, References: 5

Veracode
added 2021/05/16 2:12 p.m., 19 views

Arbitrary File Write

SABnzbd allows arbitrary file write. The filesystem.renamer function allows writing of downloaded files outside the configured download folder using a malicious PAR2 file...

5.3 CVSS, 2.3 AI score, 0.00919 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2021/05/14 9:15 p.m., 13 views

CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

7.1 CVSS, 0.01664 EPSS
Exploits: 0, References: 2

Prion
added 2021/05/14 9:15 p.m., 10 views

Design/Logic Flaw

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

4.6 CVSS, 7.3 AI score, 0.01664 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/05/14 8:20 p.m., 18 views

CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

7.3 AI score, 0.01664 EPSS
Exploits: 0, References: 2

CVE
added 2021/05/14 8:20 p.m., 93 views

CVE-2020-27833

CVE-2020-27833 describes a Zip Slip flaw in the oc binary from openshift-clients where an arbitrary file write can be achieved when processing a specially crafted tar image via oc image extract. The root cause is symlinks inside the tarball that bypass the tar’s path checks, enabling links to esc...

7.1 CVSS, 7.3 AI score, 0.01664 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/05/05 11:15 a.m., 0 views

UBUNTU-CVE-2021-31800

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing...

9.8 CVSS, 6.4 AI score, 0.1926 EPSS
Exploits: 1, References: 8

0day.today
added 2021/04/29 12:0 a.m., 35 views

NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit

Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME, 'password': PASSWOR...

0.6 AI score
Exploits: 0

Packet Storm
added 2021/04/29 12:0 a.m., 169 views

NodeBB Emoji 3.2.1 Arbitrary File Write

Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Date: 2021-02-01 Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME,...

0.6 AI score
Exploits: 0

CNNVD
added 2021/04/27 12:0 a.m., 6 views

Apple Safari Input Validation Error Vulnerability

Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple Safari, which can be exploited by local users to write arbitrary files. The following products and versions are affected: iPhon...

5.5 CVSS, 5.9 AI score, 0.00311 EPSS
Exploits: 0, References: 6

Veracode
added 2021/04/23 12:4 p.m., 28 views

Arbitrary File Write

thunderbird is vulnerable to arbitrary file write. Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file...

2.5 CVSS, 1.6 AI score, 0.00286 EPSS
Exploits: 1, References: 4, Affected Software: 6

OSV
added 2021/04/21 10:15 p.m., 13 views

CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...

7.5 CVSS, 7 AI score
Exploits: 0, References: 1

OSV
added 2021/04/21 10:15 p.m., 2 views

ALPINE-CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...

7.5 CVSS, 7.1 AI score, 0.009 EPSS
Exploits: 0, References: 1

NVD
added 2021/04/21 10:15 p.m., 12 views

CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...

7.5 CVSS, 0.009 EPSS
Exploits: 0, References: 1

Prion
added 2021/04/21 10:15 p.m., 19 views

Design/Logic Flaw

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...

5 CVSS, 7.6 AI score, 0.009 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/04/21 9:23 p.m., 17 views

CVE-2020-27569

Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...

7.8 AI score, 0.009 EPSS
Exploits: 0, References: 1

CVE
added 2021/04/21 9:23 p.m., 77 views

CVE-2020-27569

The CVE-2020-27569 entry concerns Aviatrix VPN Client 2.8.2 and earlier, where the VPN service writes logs to a world-writable location, enabling arbitrary file write with potential to modify any file on the system. The connected OSV entries corroborate the same description; no exploitation detai...

7.5 CVSS, 7.7 AI score, 0.009 EPSS
Exploits: 0, References: 1, Affected Software: 1