
5147 matches found

Node.js
added 2019/11/27 3:53 p.m. · 18 views

Arbitrary File Write

Overview: Versions of iobroker.admin prior to 3.6.12 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended folder in the /log/ route, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated t...

CVSS 7.5 · AI score 4 · EPSS 0.01714
Exploits 1 · Affected Software 1

RedHat Linux
added 2019/11/18 4:23 p.m. · 2 views

kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

CVSS 5.7 · AI score 6.9 · EPSS 0.02308
Exploits 0 · References 5

RedHat Linux
added 2019/11/14 9:17 p.m. · 1 views

hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file...

CVSS 8.8 · AI score 7.4 · EPSS 0.07577
Exploits 1 · References 4

Packet Storm
added 2019/11/12 12:00 a.m. · 258 views

Atlassian Confluence 6.15.1 Directory Traversal

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft...

CVSS 9 · AI score 8.7 · EPSS 0.97153
Exploits 10

Positive Technologies
added 2019/11/12 12:00 a.m. · 4 views

PT-2019-13937 · Yandex +1 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 19.14.3 Description: The issue allows an attacker with write access to ZooKeeper and the ability to run a custom server on the network where ClickHouse runs to create a malicious server acting as a ClickHouse...

CVSS 9.8 · AI score 6.5 · EPSS 0.01695
Exploits 0 · References 9

Packet Storm
added 2019/11/12 12:00 a.m. · 119 views

Atlassian Confluence 6.15.1 Directory Traversal

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows 7...

CVSS 9 · AI score 8.7 · EPSS 0.97153
Exploits 10

0day.today
added 2019/11/12 12:00 a.m. · 225 views

Atlassian Confluence 6.15.1 - Directory Traversal Exploit

Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows ...

AI score 7.1 · EPSS 0.97153
Exploits 10

exploitpack
added 2019/11/12 12:00 a.m. · 75 views

Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)

Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link:...

CVSS 9 · AI score 0.1 · EPSS 0.97153
Exploits 10

0day.today
added 2019/11/12 12:00 a.m. · 120 views

Atlassian Confluence 6.15.1 - Directory Traversal Vulnerability

Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on:...

CVSS 9 · AI score 8.7 · EPSS 0.97153
Exploits 10

RedHat Linux
added 2019/11/07 4:55 p.m. · 2 views

kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

CVSS 5.7 · AI score 6.9 · EPSS 0.02308
Exploits 0 · References 5

Check Point Advisories
added 2019/11/04 12:00 a.m. · 5 views

LAquis SCADA LGX Report Arbitrary File Write (CVE-2018-18988)

An arbitrary file write vulnerability exists in LAquis SCADA LGX report. Successful exploitation of this vulnerability could result in arbitrary file write and possible arbitrary code execution...

CVSS 8.3 · AI score 3.3 · EPSS 0.02572
Exploits 0

OSV
added 2019/10/30 10:15 p.m. · 6 views

CVE-2010-0398

The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack...

CVSS 6.5 · AI score 6.6 · EPSS 0.00971
Exploits 1 · References 3

OSV
added 2019/10/30 10:15 p.m. · 2 views

DEBIAN-CVE-2010-0398

The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack...

CVSS 6.5 · AI score 6.6 · EPSS 0.00971
Exploits 1 · References 1

RedHat Linux
added 2019/10/30 6:30 p.m. · 3 views

kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

CVSS 5.7 · AI score 6.9 · EPSS 0.02308
Exploits 0 · References 5

Symantec
added 2019/10/29 12:00 a.m. · 44 views

Samba CVE-2019-10218 Path Traversal Arbitrary File Write Vulnerability

Description: Samba is prone to an arbitrary file write vulnerability. Successful exploits may allow an attacker to write arbitrary files to the affected system. This may aid in further attacks. Technologies Affected: Samba Samba 3.4.0 Samba Samba 3.4.1 Samba Samba 3.4.10 Samba Samba 3.4.11 Samba...

AI score 0.3 · EPSS 0.03515
Exploits 0 · References 1 · Affected Software 2

BDU FSTEC
added 2019/10/29 12:00 a.m. · 3 views

The numerous vulnerabilities in the API interface of the WADashboard component of the Advantech WebAccess software allow a perpetrator to write or overwrite any files in the file system.

The multiple vulnerabilities of the API interface of the WADashboard component in the Advantech WebAccess remote monitoring software are related to deficiencies in path validation before its use in file operations. Exploiting these vulnerabilities could allow a malicious actor to read arbitrary...

CVSS 6.8 · AI score 5.7 · EPSS 0.32367
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2019/10/29 12:00 a.m. · 2 views

The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper makes it possible for an attacker to write arbitrary files to the operating system of the vulnerable device.

The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper exists due to the lack of authentication when joining a quorum. Exploiting this vulnerability allows an attacker to...

CVSS 7.8 · AI score 5.6 · EPSS 0.08724
Exploits 0 · References 5 · Affected Software 3

CNVD
added 2019/10/24 12:00 a.m. · 3 views

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability (CNVD-2019-37414)

Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint CE versions prior to 9.8.1 due to an improperly implemented privilege. An attacker can exploit the vulnerability to overwrite arbitrary files by logging in and...

CVSS 6.6 · AI score 6.9 · EPSS 0.00271
Exploits 0 · References 1

CNVD
added 2019/10/24 12:00 a.m. · 1 views

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint CE versions prior to 9.8.1 due to an improperly assigned privilege. The vulnerability can be exploited by an attacker to write to files in the /root directory by loggi...

CVSS 6.6 · AI score 6.8 · EPSS 0.00256
Exploits 0 · References 1

CNVD
added 2019/10/23 12:00 a.m. · 1 views

Red Hat XML Language Support XML Language Server Path Traversal Vulnerability

Red Hat XML Language Support (vscode-xml) is a Visual Studio Code extension from Red Hat (United States) that supports the creation and editing of XML documents. XML Language Server is one of the XML language servers it uses. A path traversal vulnerability exists in the XMLLanguageService.java...

CVSS 6.5 · AI score 7.2 · EPSS 0.02841
Exploits 1 · References 1