977 matches found
Arbitrary File Write
These npm packages are vulnerable to arbitrary file writes. Attackers are able to use these packages to create files within a system...
CVE-2017-9034
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates...
Unspecified Vulnerability in Symantec Veritas NetBackup and NetBackup Appliance
Symantec Veritas NetBackup NBU and NetBackup NBU Appliance are both products of Symantec USA. The former is a set of enterprise-class backup management software that can run on multiple operating systems, and the latter is an enterprise-class backup management appliance. A security vulnerability...
Remote Code Execution (RCE)
github.com/docker/docker is vulnerable to arbitrary file writes and remote code execution RCE. Attackers can perform these attacks using a hard link image attack in an image archive or through a symlink attack...
CwCMS-PHP Enterprise Website Management System Has Multiple Cross-Site Scripting Vulnerabilities
CwCMS-PHP is an enterprise website management system. Version 1.0 of the CwCMS-PHP enterprise website management system has multiple cross-site scripting vulnerabilities that allow attackers to write to arbitrary executable files and gain server privileges...
Rapid7 Metasploit Directory Traversal Vulnerability (CNVD-2017-02664)
Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter stdapi CommandDispatcher.cmddownload function in versions prior to Rapid7 Metasploit 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the...
Rapid7 Metasploit Directory Traversal Vulnerability
Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter extapi Clipboard.parsedump function in versions prior to Rapid7 Metasploit 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the Metasploit...
CVE-2017-5231
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmddownload function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit...
RubyGems minitar and archive-tar-minitar local directory traversal vulnerability
minitar formerly archive-tar-minitar is a pure Ruby library and command-line utility for working with POSIX tar archives. A directory traversal vulnerability exists in versions prior to minitar 0.6 and archive-tar-minitar 0.5.2 gems. An attacker can exploit this vulnerability to write arbitrary...
UBUNTU-CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...
DEBIAN-CVE-2016-6321
Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...
ALPINE-CVE-2016-6321
Directory traversal vulnerability in the safernamesuffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the filename parameter, aka POINTYFEATHER...
PT-2016-3276 · Apache +3 · Apache Commons Fileupload +4
Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload versions prior to 1.3.3 Description: The issue is related to the deserialization mechanism in the DiskFileItem class of the Apache Commons FileUpload library. It allows a remote attacker to execute arbitrary code or...
CVE-2016-6371
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment HCM-F 10.63 and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717...
Techno Project Japan Enisys Gw Arbitrary Code Execution Vulnerability
Techno Project Japan Enisys Gw is an open source groupware software from Techno Project Japan. A security vulnerability exists in Techno Project Japan Enisys Gw. The vulnerability allows remote attackers to write to arbitrary files and execute arbitrary code...
Apple iOS Double Release Vulnerability
Apple iOS is an operating system for handheld devices developed by Apple Inc. A double release vulnerability exists in Apple iOS versions prior to 9.1, and OS X versions prior to 10.11.1. The vulnerability allows an attacker to perform arbitrary file write operations via a crafted application tha...
Apple OS X Symbolic Link Attack Vulnerability
Apple OS X is the operating system used by the Apple family of machines. A symbolic link attack vulnerability exists in Apple OS X versions prior to 10.11.1. The vulnerability allows an attacker to perform an unspecified symbolic link attack via a crafted application to perform arbitrary write to...
IBM Security SiteProtector System Directory Traversal Vulnerability
The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A directory traversal vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to write to...
USN-2549-1 libarchive vulnerabilities
It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to...
AVG Internet Security Elevation of Privilege Vulnerability
AVG Internet Security is an Internet security suite that includes antivirus, antispyware, antispam, link scanning and firewall. AVG Internet Security suffers from an elevation of privilege vulnerability, which can be exploited by a local attacker to write arbitrary files to enforce kernel-level...