5147 matches found
Cisco Firepower Management Center Arbitrary Log File Write Vulnerability (cisco-sa-alfo-tHwFDmTE)
According to its self-reported version, Cisco Firepower Management Center is affected by an arbitrary file write vulnerability due to insufficient user input validation. An unauthenticated, remote attacker can exploit this to write arbitrary entries in the application's log file on the remote hos...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: github.com/sassoftware/go-rpmutils/cpio is a package for parsing and extracting content from RPM files. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). The CPIO extraction functionality doesn't sanitize the paths of the archived...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: github.com/unknwon/cae/tz is a package that provides archiving functionality for .tar.gz archives. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). The ExtractTo function doesn't securely escape file paths in zip archives which...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: github.com/unknwon/cae/zip is a package that provides archiving functionality for .zip archives. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). The ExtractTo function doesn't securely escape file paths in zip archives which inclu...
CVE-2020-1070
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1048...
Opto 22 SoftPAC Project Data Forgery Issue Vulnerability
Opto 22 SoftPAC Project is an automation software suite from Opto 22 USA. The product is capable of providing industrial automation, process control, building automation, remote monitoring, data acquisition and industrial IoT. A data forgery issue vulnerability exists in Opto 22 SoftPAC Project...
The vulnerability in the Atlassian Confluence Server web server exists due to an incorrect restriction of a path name to a restricted directory. This allows an attacker to write files to arbitrary locations and execute arbitrary code.
The vulnerability of the Atlassian Confluence Server web server exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to write files to arbitrary locations and execute arbitrary code...
CVE-2020-12042
Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access...
CVE-2020-8159
There is a vulnerability in actionpack-page_caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...
LifterLMS Plugin for WordPress < 3.37.15 Arbitrary File Write
The WordPress LifterLMS Plugin installed on the remote host is affected by an arbitrary file write vulnerability that can allow attackers to write and execute arbitrary PHP code on the server by changing the first name on their profile to PHP code. Note that the scanner has not tested for...
Arbitrary file write in actionpack-page_caching gem
There is a vulnerability in actionpack-page_caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...
GHSA-MG5P-95M9-RMFP Arbitrary file write in actionpack-page_caching gem
There is a vulnerability in actionpack-page_caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...
Directory Traversal
Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...
CVE-2020-8983
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or...
Arbitrary File Write
Overview: actionpack-page_caching is a static page caching library for Action Pack. Affected versions of this package are vulnerable to Arbitrary File Write. It is possible for an attacker to write unescaped ERB to a view, and therefore write arbitrary files to a web server, potentially resulting i...
Arbitrary file write/potential remote code execution in actionpack-page_caching
There is a vulnerability in the actionpack-page_caching gem that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. Versions Affected: All versions of actionpack-page_caching part of Rails...
CVE-2020-10859
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request...