5147 matches found
Cisco SD-WAN vManage Path Traversal Vulnerability (CNVD-2021-05395)
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A path traversal vulnerability exists in the Web management interface of Cisco SD-WAN vManage versions prior to 18.2.0. The vulnerability stems from insufficient authentication of HTTP...
Cisco SD-WAN vManage Software Path Traversal Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A path traversal vulnerability exists in the Web management interface of Cisco SD-WAN vManage versions prior to 18.2.0. The vulnerability stems from insufficient authentication of HTTP...
CVE-2021-21251
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...
Design/Logic Flaw
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...
CVE-2020-17518
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
Arbitrary File Write
flink-runtime is vulnerable to arbitrary file write. The vulnerability exists as files can be written to any accessible location through the modified value of HTTP HEADER...
Apache Flink Path Traversal Vulnerability
Apache Flink is an efficient and distributed general purpose data processing platform. Apache Flink products have an arbitrary file write vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability ...
Phabricator: Git flag injection leads to arbitrary file write
keyword : mongoose PoC 1. Login and generate API token 2. Create a repo and push several commits to phabricator 3. Execute diffusion api curl http://dev.localhost/api/diffusion.internal.gitrawdiffquery \ -d api.token=api-token \ -d commit=--output%3D/tmp/qqq \ -d repository=R2 4. qqq file will be...
Umbraco Path Traversal Vulnerability
Umbraco is an open source content management system (CMS) based on ASP.NET technology. A path traversal vulnerability exists in Umbraco 8.9.1 and earlier versions during package installation. An attacker can use this vulnerability to write arbitrary files outside of the site home directory and...
CVE-2020-5811
CVE-2020-5811 affects Umbraco CMS and is an authenticated path traversal vulnerability during package installation. The issue allows writing arbitrary files outside the site home and expected paths when installing an Umbraco package, impacting versions
Arbitrary File Write
Packwood MPXJ is vulnerable to arbitrary file write. The vulnerability exists because it does not properly validate the path from inputStream, leading to the writing of files outside of the target directory...
PT-2020-5496 · Packwood · Mpxj
Name of the Vulnerable Software and Affected Versions: Packwood MPXJ versions prior to 8.3.5 Description: The issue exists due to incorrect restriction of the directory path name in the common/InputStreamHelper.java library of MPXJ, allowing a remote attacker to write files to arbitrary locations...
CVE-2020-27833
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...
CVE-2020-9922
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files...
Arbitrary File Write
LPRng is vulnerable to arbitrary file write. A local unauthenticated attacker could overwrite arbitrary files via a symbolic link attack on the /tmp/before file of the psbanner component...
Rocket.Chat: Server-side RCE through directory traversal-based arbitrary file write
Vulnerability description not provided...
Arbitrary File Write Vulnerability in Jinhe OA-C6
Jinhe OA system product C6 collaborative management platform has more than 20 application modules, more than 160 application sub-modules, involving enterprise management business including collaborative office management, human resource management, project management, customer relationship...
CVE-2020-25989
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges...