
5146 matches found

CNVD
added 2017/12/23 12:00 a.m. · 3 views

SEMCMS_ASP_ v4.5 has CSRF and Arbitrary File Write Vulnerabilities

SemCMS is an open-source website management system for foreign trade enterprises, written in VBScript and run on IIS. It is well suited to foreign trade enterprises and e-commerce Internet use. SEMCMSASP v4.5 has CSRF and arbitrary file write vulnerabilities. Attackers can...

AI score: 7.1
Exploits: 0

CNVD
added 2017/12/18 12:00 a.m. · 3 views

Synology DiskStation Manager Directory Traversal Vulnerability

Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology. The operating system manages information such as data, files, photos, music and more. A directory traversal vulnerability exists in SYNO.FileStation.Extract in Synology DSM versions 6.0.x...

CVSS: 6.5 · AI score: 7 · EPSS: 0.01974
Exploits: 0 · References: 1

CNVD
added 2017/12/18 12:00 a.m. · 2 views

Synology File Station Directory Traversal Vulnerability

Synology File Station is a set of file management tools from Synology. The tool enables users to access files on Synology NAS devices via the Web. A directory traversal vulnerability exists in SYNO.FileStation.Extract in Synology File Station versions prior to 1.1.1-0099. A remote attacker can...

CVSS: 6.5 · AI score: 7 · EPSS: 0.01836
Exploits: 0 · References: 1

OSV
added 2017/12/12 6:29 p.m. · 2 views

CVE-2017-17560

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multiuploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file...

CVSS: 9.8 · AI score: 6.3 · EPSS: 0.73404
Exploits: 6 · References: 3

seebug.org
added 2017/12/12 12:00 a.m. · 62 views

Pomelo Admin Console Web Arbitrary File Write Vulnerability

...

AI score: 1.4
Exploits: 0

CNVD
added 2017/12/12 12:00 a.m. · 1 view

Mobotap Dolphin Browser for Android Arbitrary File Write Vulnerability

Mobotap Dolphin Browser for Android is a web browser for the Android platform from MoboTap. An arbitrary file write vulnerability exists in version 12.0.2 of Mobotap Dolphin Browser for Android. An attacker can exploit this vulnerability to overwrite executable files in the Dolphin Browser data...

CVSS: 8.8 · AI score: 7.2 · EPSS: 0.00956
Exploits: 0 · References: 1

OSV
added 2017/12/11 6:29 p.m. · 3 views

CVE-2017-17551

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

CVSS: 8.8 · AI score: 5.9 · EPSS: 0.00956
Exploits: 0 · References: 1

Prion
added 2017/12/11 6:29 p.m. · 12 views

Design/Logic Flaw

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

CVSS: 6.8 · AI score: 8.2 · EPSS: 0.00956
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2017/12/11 6:29 p.m. · 9 views

CVE-2017-17551

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

CVSS: 8.8 · AI score: 8.3 · EPSS: 0.00956
Exploits: 0 · References: 1

Cvelist
added 2017/12/11 6:00 p.m. · 14 views

CVE-2017-17551

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

AI score: 8.4 · EPSS: 0.00956
Exploits: 0 · References: 1

CVE
added 2017/12/11 6:00 p.m. · 43 views

CVE-2017-17551

Summary (CVE-2017-17551) : Affected product is Mobotap Dolphin Browser for Android (version 12.0.2). The flaw is an arbitrary file-write vulnerability during restoration of browser settings from a malicious Dolphin Browser backup file. An attacker could overwrite a specific executable in the brow...

CVSS: 8.8 · AI score: 8.2 · EPSS: 0.00956
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2017/12/08 12:00 a.m. · 3 views

PT-2017-14272 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions 6.0.x before 6.0.3-8754-3; Synology DiskStation Manager DSM versions 5.2-5967-6 and earlier. Description: A directory traversal issue in the SYNO.FileStation.Extract component allows remote authenticate...

CVSS: 6.5 · AI score: 7.1 · EPSS: 0.01974
Exploits: 0 · References: 4

CNVD
added 2017/12/04 12:00 a.m. · 1 view

Multiple Cisco Products Cisco NX-OS System Software Arbitrary File Write Vulnerability

Cisco Multilayer Director Switches are products of Cisco Corporation. Cisco Multilayer Director Switches is a switch product. Unified Computing System Manager is a set of embedded device management software. Cisco NX-OS System Software is a set of software that runs in the switch. Cisco NX-OS System...

CVSS: 4.9 · AI score: 6.9 · EPSS: 0.00325
Exploits: 0 · References: 1

OSV
added 2017/11/30 9:29 a.m. · 4 views

CVE-2017-12332

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

CVSS: 4.4 · AI score: 5.9 · EPSS: 0.00325
Exploits: 0 · References: 3

CNVD
added 2017/11/22 12:00 a.m. · 2 views

QuickerBB Arbitrary File Write Vulnerability

QuickerBB is a lightweight PHP-based forum software. An arbitrary file write vulnerability exists in QuickerBB 0.7.2 and earlier versions. A remote attacker can exploit this vulnerability to execute code and take control of the server...

CVSS: 10 · AI score: 7.6 · EPSS: 0.04288
Exploits: 0 · References: 1

NVD
added 2017/11/17 6:29 p.m. · 11 views

CVE-2017-1000169

QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB...

CVSS: 10 · AI score: 9.8 · EPSS: 0.04288
Exploits: 0 · References: 1

Cvelist
added 2017/11/17 6:00 p.m. · 13 views

CVE-2017-1000169

QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB...

AI score: 9.8 · EPSS: 0.04288
Exploits: 0 · References: 1

NVD
added 2017/11/17 5:29 a.m. · 15 views

CVE-2017-1000125

Codiad (full version) allows arbitrary content to be written to the configuration file during installation, which can result in the upload of a webshell...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.00922
Exploits: 1 · References: 1

CVE
added 2017/11/17 5:00 a.m. · 53 views

CVE-2017-1000125

CVE-2017-1000125 affects Codiad. The vulnerability arises because full-version Codiad allows writing arbitrary data to its installation configuration file, enabling an attacker to upload a webshell. The issue is described consistently across sources as a file upload/configuration write flaw leadi...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.00922
Exploits: 1 · References: 1 · Affected Software: 1

seebug.org
added 2017/11/13 12:00 a.m. · 71 views

Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write

Description: The vulnerability is triggered by an authenticated user that can use the manualcommand console in the management panel of the affected application. The ManualCommand function in ManualCommand.js allows users to perform additional diagnostics and settings overview by using pre-defined...

AI score: 6.8
Exploits: 0