5147 matches found

RedHat Linux
added 2020/02/24 12:55 p.m., 4 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.03342
Exploits: 0 | References: 4
Exploit DB
added 2020/02/24 12:0 a.m., 197 views

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...

CVSS: 9.3 | AI score: 7.4 | EPSS: 0.68603
Exploits: 5
Tenable Nessus
added 2020/02/24 12:0 a.m., 34 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0429-1)

This update for nodejs12 fixes the following issues : nodejs12 was updated to version 12.15.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.57132
Exploits: 2 | References: 17
0day.today
added 2020/02/24 12:0 a.m., 126 views

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.68603
Exploits: 5
Packet Storm
added 2020/02/20 12:0 a.m., 109 views

Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...

CVSS: 9.3 | EPSS: 0.68603
Exploits: 5
0day.today
added 2020/02/20 12:0 a.m., 129 views

Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write Exploit

This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written...

CVSS: 9.3 | AI score: 8.4 | EPSS: 0.68603
Exploits: 5
Veracode
added 2020/02/17 5:20 a.m., 26 views

Arbitrary File Write

yarn is vulnerable to arbitrary file write. A combination of symlink attack and directory traversal allows an attacker to write arbitrary files on the system when performing yarn install...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.05033
Exploits: 1 | References: 2 | Affected Software: 1
BDU FSTEC
added 2020/02/17 12:0 a.m., 1 views

The vulnerability of the Huawei PC Manager application, related to access control deficiencies, allows a perpetrator to execute arbitrary codes and write arbitrary files.

The vulnerability of the Huawei PC Manager application relates to deficiencies in access control. Exploiting this vulnerability could allow a hacker to execute arbitrary code and write arbitrary files...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00865
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2020/02/13 4:15 p.m., 1 views

CVE-2020-3763

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write...

CVSS: 9.8 | AI score: 7.4
Exploits: 0 | References: 1
OSV
added 2020/02/13 4:15 p.m., 1 views

CVE-2020-3762

Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system write...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.03373
Exploits: 0 | References: 1
Tenable Nessus
added 2020/02/13 12:0 a.m., 77 views

Symantec Endpoint Protection Client 14.x < 14.2.5569.2100 Multiple Vulnerabilities (SYMSA1505)

The version of Symantec Endpoint Protection SEP Client installed on the remote host is 14.x prior to 14.2.5569.2100. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists. An unauthenticated, remote attacker can exploit this to compromise the softwa...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00427
Exploits: 0 | References: 8
CNVD
added 2020/02/12 12:0 a.m., 3 views

Adobe Acrobat and Reader Elevation of Privilege Vulnerability (CNVD-2020-10135)

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader, also known as Acrobat Reader, is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an elevation of privilege vulnerability. An attacker can exploit the vulnerability to write to an arbitrary file system...

CVSS: 10 | AI score: 7.2 | EPSS: 0.03646
Exploits: 0 | References: 1
OSV
added 2020/02/11 6:15 p.m., 1 views

CVE-2020-5825

Symantec Endpoint Protection SEP and Symantec Endpoint Protection Small Business Edition SEP SBE, prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

CVSS: 5.5 | AI score: 6.6
Exploits: 0 | References: 1
NVD
added 2020/02/11 6:15 p.m., 18 views

CVE-2020-5825

Symantec Endpoint Protection SEP and Symantec Endpoint Protection Small Business Edition SEP SBE, prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00363
Exploits: 0 | References: 1
Prion
added 2020/02/11 6:15 p.m., 17 views

Arbitrary file deletion

Symantec Endpoint Protection SEP and Symantec Endpoint Protection Small Business Edition SEP SBE, prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

CVSS: 3.6 | AI score: 5.5 | EPSS: 0.00363
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2020/02/11 5:7 p.m., 55 views

CVE-2020-5825

CVE-2020-5825 affects Symantec Endpoint Protection (SEP) and SEP SBE prior to 14.2 RU2 MP1 (14.2.5569.2100). It is an arbitrary file write vulnerability allowing overwriting of existing files without proper privileges (local access). Remediation is to upgrade to SEP/SEP SBE 14.2 RU2 MP1 (14.2.556...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00363
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2020/02/04 1:22 p.m., 0 views

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

CVSS: 7.7 | AI score: 7.5 | EPSS: 0.03266
Exploits: 0 | References: 4
RedHat Linux
added 2020/02/04 1:22 p.m., 2 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.03342
Exploits: 0 | References: 4
Metasploit
added 2020/01/19 3:5 a.m., 369 views

Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write

This module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given...

CVSS: 8.1 | AI score: 8.4 | EPSS: 0.68603
Exploits: 5
RedhatCVE
added 2020/01/06 11:9 p.m., 38 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

CVSS: 8.1 | AI score: 2.2 | EPSS: 0.03342
Exploits: 0 | References: 3