5147 matches found

Vulnrichment
added 2019/07/06 1:20 a.m., 8 views

CVE-2019-1894 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation...

CVSS 7.2, AI score 7, EPSS 0.03451
Exploits: 0, References: 1

OSV
added 2019/07/04 12:0 a.m., 0 views

UBUNTU-CVE-2019-13241

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction...

CVSS 7.8, AI score 6.7, EPSS 0.0163
Exploits: 1, References: 5

Tenable Nessus
added 2019/06/28 12:0 a.m., 33 views

RHEL 7 : Red Hat OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:1632)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1632 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

CVSS 6.5, AI score 6.8, EPSS 0.13164
Exploits: 2, References: 5

RedHat Linux
added 2019/06/27 6:17 p.m., 409 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Container Platform 3.11 atomic-openshift security update

An update for atomic-openshift is now available for OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.5, AI score 6.6, EPSS 0.13164
Exploits: 2, References: 2

RedHat Linux
added 2019/06/27 6:17 p.m., 4 views

kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVSS 6.5, AI score 7, EPSS 0.13164
Exploits: 2, References: 5

RedHat Linux
added 2019/06/27 4:59 p.m., 2 views

kubernetes: Incomplete fix for CVE-2019-1002101 allows for arbitrary file write via `kubectl cp`

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

CVSS 6.5, AI score 7, EPSS 0.13164
Exploits: 2, References: 5

CNVD
added 2019/06/25 12:0 a.m., 2 views

Arbitrary File Write Vulnerability in MLECMS

MLECMS is a website-building system developed on PHP and MySQL. MLECMS has an arbitrary file write vulnerability that can be exploited by attackers to gain control of the web server...

AI score 7.4
Exploits: 0

Snyk
added 2019/06/24 12:0 p.m., 1 views

Open Redirect

Overview httpie is a command line HTTP client. Affected versions of this package are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server...

CVSS 8.8, AI score 8.2, EPSS 0.02028
Exploits: 1, References: 2

Cvelist
added 2019/06/20 2:50 a.m., 22 views

CVE-2019-1629 Cisco Integrated Management Controller Arbitrary File Write Vulnerability

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...

CVSS 5.3, AI score 5.5, EPSS 0.01516
Exploits: 0, References: 2

Cisco
added 2019/06/19 4:0 p.m., 81 views

Cisco Integrated Management Controller Arbitrary File Write Vulnerability

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...

CVSS 5.3, AI score 1.2, EPSS 0.01516
Exploits: 0, References: 1

Node.js
added 2019/06/18 11:54 p.m., 29 views

Arbitrary File Write

Overview Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames (../../file.txt for example). Recommendation Update to version 0.4.9 or later. References - GitHub Pull Request - Zip Slip...

CVSS 4.3, AI score 3.1, EPSS 0.15359
Exploits: 1, Affected Software: 1

Veracode
added 2019/06/13 1:55 a.m., 36 views

Directory Traversal

pip is vulnerable to directory traversal. During installation of a remote package via pip install, a malicious server can send a Content-Disposition header containing ../ to join the temporary directory and the filename as download path, which allows for arbitrary file write and potentially code...

CVSS 7.5, AI score 7.7, EPSS 0.03003
Exploits: 1, References: 8, Affected Software: 10

NVD
added 2019/06/03 6:29 p.m., 23 views

CVE-2019-6737

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS 8.8, AI score 8.8, EPSS 0.03823
Exploits: 0, References: 2

Prion
added 2019/06/03 6:29 p.m., 17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS 6.8, AI score 8.8, EPSS 0.03823
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2019/06/03 6:7 p.m., 66 views

CVE-2019-6737

CVE-2019-6737 affects Bitdefender SafePay 23.0.10.34. The root cause is improper handling of the TIScript openFile method, enabling an attacker-controlled arbitrary file write and remote code execution, with user interaction required (visiting a malicious page or opening a malicious file). Docume...

CVSS 8.8, AI score 8.8, EPSS 0.03823
Exploits: 0, References: 2, Affected Software: 1

Hacker One
added 2019/05/25 11:25 p.m., 66 views

Valve: [CS 1.6] Map cycle abuse allows arbitrary file read/write

The CS 1.6 server has a feature of map cycle - i.e. automatic map change after specified period of time. This feature relies on data of the file specified in mapcyclefile cvar. Any user with RCON access to the server can set this variable to arbitrary value - no input sanitization applies. In ord...

AI score 0.3
Exploits: 0

Prion
added 2019/05/23 2:29 p.m., 18 views

Command injection

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfilemgr.cgi file allows arbitrary file write by...

CVSS 9, AI score 9.1, EPSS 0.03052
Exploits: 1, References: 3, Affected Software: 9

Hacker One
added 2019/05/17 3:5 a.m., 19 views

Valve: Arbitrary File Write as SYSTEM from unprivileged user

Note: This report was reviewed and updated after a correction to program scope. Vulnerability ======== The Steam Client installs a "Steam Client Service" that runs as SYSTEM to update the steam application. This service executes from C:\Program Files (x86)\Common\Steam where permissions are properl...

AI score 0.7
Exploits: 0

Veracode
added 2019/05/16 2:52 a.m., 26 views

Arbitrary File Write

pcs is vulnerable to arbitrary file write attacks. An authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process via malicious REST calls...

CVSS 8.7, AI score 6.7, EPSS 0.01101
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2019/05/15 12:52 a.m., 22 views

Arbitrary File Write

github.com/mholt/archiver is vulnerable to arbitrary file write attacks. The vulnerability exists as the library does not properly sanitize the destination filepath when extracting archived files, allowing a malicious user to extract files to an arbitrary filepath and overwrite files...

CVSS 5.5, AI score 5.6, EPSS 0.06496
Exploits: 1, References: 3, Affected Software: 1