7195 matches found

Prion
added 2023/05/09 4:15 p.m., 14 views

Design/Logic Flaw

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

5 CVSS, 7.7 AI score, 0.00804 EPSS
Exploits 1, References 2, Affected Software 2

NVD
added 2023/05/09 1:15 p.m., 13 views

CVE-2023-29128

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacke...

3.8 CVSS, 4.3 AI score, 0.00684 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/05/09 12:0 a.m., 8 views

CVE-2023-31472

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...

7.8 AI score, 0.19884 EPSS
Exploits 1, References 2

Positive Technologies
added 2023/05/09 12:0 a.m., 3 views

PT-2023-23355 · Gl.Inet · Gl.Inet

Name of the Vulnerable Software and Affected Versions: GL.iNet devices running firmware prior to 3.216 Description: An issue allows for arbitrary file write, enabling the creation of an empty file almost anywhere on the filesystem, given that the filename and path are no more than 6 characters. T...

7.5 CVSS, 7.5 AI score, 0.00804 EPSS
Exploits 1, References 4

Vulnrichment
added 2023/05/09 12:0 a.m., 9 views

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

7.7 AI score, 0.00804 EPSS
Exploits 1, References 2

CNNVD
added 2023/05/09 12:0 a.m., 4 views

GL.iNet devices command injection vulnerability

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A command injection vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an arbitrary file write vulnerability that can create an empty file anywhere on the file system...

7.5 CVSS, 7.5 AI score, 0.00804 EPSS
Exploits 1, References 4

Cvelist
added 2023/05/09 12:0 a.m., 20 views

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

7.9 AI score, 0.00804 EPSS
Exploits 1, References 2

CNNVD
added 2023/05/09 12:0 a.m., 4 views

GL.iNet devices security vulnerability

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an arbitrary file write vulnerability that can create an empty file anywhere on the file system...

7.5 CVSS, 7.5 AI score, 0.19884 EPSS
Exploits 1, References 4

Positive Technologies
added 2023/05/09 12:0 a.m., 6 views

PT-2023-23351 · Gl.Inet · Gl.Inet

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: An issue was discovered that allows for arbitrary file write, enabling the creation of an empty file anywhere on the filesystem. This is caused by a command injection vulnerability with a...

7.5 CVSS, 7.7 AI score, 0.19884 EPSS
Exploits 1, References 6

CVE
added 2023/05/09 12:0 a.m., 41 views

CVE-2023-31476

GL.iNet devices with firmware older than 3.216 are affected by an arbitrary file write vulnerability that lets an empty file be created almost anywhere in the filesystem, as long as the filename and path are ≤ 6 characters and the working directory is /www. Impact details from CVE indicate potent...

7.5 CVSS, 7.7 AI score, 0.00804 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2023/05/09 12:0 a.m., 72 views

CVE-2023-31472

GL.iNet devices prior to 3.216 are affected by a command-injection–driven arbitrary file-write vulnerability that allows creating empty files anywhere on the filesystem. Root cause: an input filter failure enables unintended file writes via a crafted command. Impact: potential unauthorized file c...

7.5 CVSS, 7.8 AI score, 0.19884 EPSS
Exploits 1, References 2, Affected Software 1

Packet Storm
added 2023/05/09 12:0 a.m., 369 views

ManageEngine ADAudit Plus Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Authenticated File Write RCE', 'Description' = %q This module exploits security issues in ManageEngine ADAudit Plus pri...

9.8 CVSS, 7.1 AI score, 0.70325 EPSS
Exploits 3

Cvelist
added 2023/05/09 12:0 a.m., 19 views

CVE-2023-31472

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...

8 AI score, 0.19884 EPSS
Exploits 1, References 2

Metasploit
added 2023/05/08 7:51 p.m., 276 views

ManageEngine ADAudit Plus Authenticated File Write RCE

This module exploits security issues in ManageEngine ADAudit Plus prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided credentials, retrie...

9.8 CVSS, 9.6 AI score, 0.70325 EPSS
Exploits 3

CNNVD
added 2023/05/08 12:0 a.m., 1 views

WORKS MOBILE Drive Explorer for macOS code injection vulnerability

WORKS MOBILE Drive Explorer for macOS is a drive explorer for macOS from WORKS MOBILE Japan. A security vulnerability exists in WORKS MOBILE Drive Explorer for macOS, which stems from the fact that execution of LINE WORKS Drive Explorer requires full disk access privileges, allowing an attacker t...

9.8 CVSS, 8.6 AI score, 0.00576 EPSS
Exploits 0, References 5

Tenable Nessus
added 2023/05/07 12:0 a.m., 27 views

EulerOS Virtualization 3.0.2.0 : xz (EulerOS-SA-2023-1739)

According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name...

8.8 CVSS, 6.9 AI score, 0.04301 EPSS
Exploits 0, References 2

Tenable Nessus
added 2023/05/07 12:0 a.m., 21 views

EulerOS Virtualization 3.0.2.0 : gzip (EulerOS-SA-2023-1716)

According to the versions of the gzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file nam...

8.8 CVSS, 6.9 AI score, 0.04301 EPSS
Exploits 0, References 2

OSV
added 2023/05/04 9:15 p.m., 1 views

CVE-2023-21505

Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox...

8.6 CVSS, 5.9 AI score, 0.00305 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/05/04 12:0 a.m., 9 views

CVE-2023-21505

Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox...

4 CVSS, 8.6 AI score, 0.00305 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/05/04 12:0 a.m., 4 views

CVE-2023-21491

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege...

8.5 CVSS, 8.3 AI score, 0.00152 EPSS
Exploits 0, References 1