5147 matches found
Yandex ClickHouse Arbitrary File Write Vulnerability
Yandex ClickHouse is a set of open source columnar databases for online analytical processing of the Russian company Yandex. A security vulnerability exists in Yandex ClickHouse versions prior to 19.14.3. An attacker can exploit this vulnerability to cause clickhouse-server to perform a write...
Design/Logic Flaw
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When...
CVE-2019-15024
CVE-2019-15024 affects ClickHouse before 19.14.3. An attacker with write access to ZooKeeper who can run a network-accessible custom server can register a malicious replica in ZooKeeper. When another replica fetches a data part from this server, clickhouse-server can be forced to write to an arbi...
CVE-2019-16896
In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll aka the backup module improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality...
NPM -- Multiple vulnerabilities
NPM reports: Global nodemodules Binary Overwrite Symlink reference outside of nodemodules Arbitrary File Write...
Cisco IOS XE Software Arbitrary File Write (cisco-sa-20180328-wfw)
According to its self-reported version, Cisco IOS XE Software is affected by an arbitrary file write vulnerability in the web-based user interface web UI due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An authenticated, remote attacker c...
The vulnerability of the command-line tools for package managers NPM and Yarn allows a hacker to write arbitrary files.
The vulnerability of the command-line tools for package managers NPM and Yarn exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by creating symbolic links to files outside the module...
Roxy Fileman 1.4.5 - Directory Traversal
Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and...
Roxy Fileman 1.4.5 For .NET Directory Traversal Vulnerability
Exploit for php platform in category web applications =========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net...
GHSA-M6CX-G6QM-P2CX Arbitrary File Write in npm
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on ...
Arbitrary File Write in npm
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on ...
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
DEBIAN-CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
DEBIAN-CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
Code injection
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
UBUNTU-CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...