Lucene search
K

977 matches found

Veracode
Veracode
added 2017/06/08 6:57 a.m.9 views

Arbitrary File Write

These npm packages are vulnerable to arbitrary file writes. Attackers are able to use these packages to create files within a system...

6.8AI score
Exploits0
OSV
OSV
added 2017/05/26 1:29 a.m.6 views

CVE-2017-9034

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates...

9.8CVSS6AI score0.0598EPSS
Exploits3References5
CNVD
CNVD
added 2017/05/11 12:0 a.m.6 views

Unspecified Vulnerability in Symantec Veritas NetBackup and NetBackup Appliance

Symantec Veritas NetBackup NBU and NetBackup NBU Appliance are both products of Symantec USA. The former is a set of enterprise-class backup management software that can run on multiple operating systems, and the latter is an enterprise-class backup management appliance. A security vulnerability...

10CVSS7.1AI score0.02698EPSS
Exploits0References1
Veracode
Veracode
added 2017/05/03 7:48 a.m.33 views

Remote Code Execution (RCE)

github.com/docker/docker is vulnerable to arbitrary file writes and remote code execution RCE. Attackers can perform these attacks using a hard link image attack in an image archive or through a symlink attack...

7.5CVSS7.2AI score0.04909EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2017/04/19 12:0 a.m.1 views

CwCMS-PHP Enterprise Website Management System Has Multiple Cross-Site Scripting Vulnerabilities

CwCMS-PHP is an enterprise website management system. Version 1.0 of the CwCMS-PHP enterprise website management system has multiple cross-site scripting vulnerabilities that allow attackers to write to arbitrary executable files and gain server privileges...

6.8AI score
Exploits0
CNVD
CNVD
added 2017/03/03 12:0 a.m.4 views

Rapid7 Metasploit Directory Traversal Vulnerability (CNVD-2017-02664)

Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter stdapi CommandDispatcher.cmddownload function in versions prior to Rapid7 Metasploit 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the...

7.1CVSS7AI score0.01217EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/03 12:0 a.m.6 views

Rapid7 Metasploit Directory Traversal Vulnerability

Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter extapi Clipboard.parsedump function in versions prior to Rapid7 Metasploit 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the Metasploit...

7.1CVSS7AI score0.01217EPSS
Exploits0References1
OSV
OSV
added 2017/03/02 8:59 p.m.6 views

CVE-2017-5231

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmddownload function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit...

7.1CVSS5.9AI score0.01217EPSS
Exploits0References2
CNVD
CNVD
added 2017/02/08 12:0 a.m.13 views

RubyGems minitar and archive-tar-minitar local directory traversal vulnerability

minitar formerly archive-tar-minitar is a pure Ruby library and command-line utility for working with POSIX tar archives. A directory traversal vulnerability exists in versions prior to minitar 0.6 and archive-tar-minitar 0.5.2 gems. An attacker can exploit this vulnerability to write arbitrary...

7.5CVSS7AI score0.04742EPSS
Exploits1References1
OSV
OSV
added 2017/01/23 9:59 p.m.3 views

UBUNTU-CVE-2015-8860

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...

7.5CVSS7.3AI score0.04912EPSS
Exploits0References3
OSV
OSV
added 2016/12/09 10:59 p.m.1 views

DEBIAN-CVE-2016-6321

Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...

7.5CVSS7.7AI score0.15155EPSS
Exploits3References1
OSV
OSV
added 2016/12/09 10:59 p.m.4 views

ALPINE-CVE-2016-6321

Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...

7.5CVSS7.2AI score0.15155EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2016/10/17 12:0 a.m.3 views

PT-2016-3276 · Apache +3 · Apache Commons Fileupload +4

Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload versions prior to 1.3.3 Description: The issue is related to the deserialization mechanism in the DiskFileItem class of the Apache Commons FileUpload library. It allows a remote attacker to execute arbitrary code or...

10CVSS9.8AI score0.34731EPSS
Exploits0References63
OSV
OSV
added 2016/09/12 10:59 a.m.5 views

CVE-2016-6371

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment HCM-F 10.63 and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717...

7.5CVSS5.9AI score0.04778EPSS
Exploits0References3
CNVD
CNVD
added 2015/11/01 12:0 a.m.5 views

Techno Project Japan Enisys Gw Arbitrary Code Execution Vulnerability

Techno Project Japan Enisys Gw is an open source groupware software from Techno Project Japan. A security vulnerability exists in Techno Project Japan Enisys Gw. The vulnerability allows remote attackers to write to arbitrary files and execute arbitrary code...

6.5CVSS7.5AI score0.01959EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/30 12:0 a.m.5 views

Apple iOS Double Release Vulnerability

Apple iOS is an operating system for handheld devices developed by Apple Inc. A double release vulnerability exists in Apple iOS versions prior to 9.1, and OS X versions prior to 10.11.1. The vulnerability allows an attacker to perform arbitrary file write operations via a crafted application tha...

8.8CVSS8.8AI score0.01758EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/30 12:0 a.m.7 views

Apple OS X Symbolic Link Attack Vulnerability

Apple OS X is the operating system used by the Apple family of machines. A symbolic link attack vulnerability exists in Apple OS X versions prior to 10.11.1. The vulnerability allows an attacker to perform an unspecified symbolic link attack via a crafted application to perform arbitrary write to...

8.8CVSS6.7AI score0.01113EPSS
Exploits0References1
CNVD
CNVD
added 2015/05/26 12:0 a.m.4 views

IBM Security SiteProtector System Directory Traversal Vulnerability

The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A directory traversal vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to write to...

5.5CVSS7AI score0.01362EPSS
Exploits0References1
OSV
OSV
added 2015/03/25 2:36 p.m.3 views

USN-2549-1 libarchive vulnerabilities

It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to...

6.4CVSS7AI score0.0489EPSS
Exploits1References3
CNVD
CNVD
added 2015/02/05 12:0 a.m.5 views

AVG Internet Security Elevation of Privilege Vulnerability

AVG Internet Security is an Internet security suite that includes antivirus, antispyware, antispam, link scanning and firewall. AVG Internet Security suffers from an elevation of privilege vulnerability, which can be exploited by a local attacker to write arbitrary files to enforce kernel-level...

7.2CVSS7.1AI score0.01458EPSS
Exploits5References1
Rows per page
Query Builder