
7195 matches found

Debian CVE
added 2023/03/15 12:0 a.m. · 26 views

CVE-2023-28371

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...

9.8 CVSS · 9.5 AI score · 0.01545 EPSS
Exploits 0
Packet Storm
added 2023/03/15 12:0 a.m. · 374 views

Fortinet FortiNAC keyUpload.jsp Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...

9.8 CVSS · 0.5 AI score · 0.99815 EPSS
Exploits 7
Cvelist
added 2023/03/15 12:0 a.m. · 11 views

CVE-2023-28338

Any request sent to a Netgear Nighthawk Wifi6 Router RAX30's web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting ...

7.7 AI score · 0.00626 EPSS
Exploits 0 · References 1
CVE
added 2023/03/15 12:0 a.m. · 368 views

CVE-2023-28371

CVE-2023-28371 affects Stellarium up to version 1.2, enabling arbitrary file writes via absolute pathnames or .. directory traversal. Connected advisories confirm the root cause is improper file write permissions within Stellarium’s handling of path traversal. Impact is high (potential data discl...

9.8 CVSS · 9.2 AI score · 0.01545 EPSS
Exploits 0 · References 6 · Affected Software 1
0day.today
added 2023/03/15 12:0 a.m. · 412 views

Fortinet FortiNAC keyUpload.jsp Arbitrary File Write Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...

9.8 CVSS · 9.8 AI score · 0.99815 EPSS
Exploits 7
AlpineLinux
added 2023/03/15 12:0 a.m. · 22 views

CVE-2023-28371

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...

9.8 CVSS · 9.2 AI score · 0.01545 EPSS
Exploits 0 · References 9
Metasploit
added 2023/03/14 7:50 p.m. · 288 views

Fortinet FortiNAC keyUpload.jsp arbitrary file write

This module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication...

9.8 CVSS · 9.1 AI score · 0.99815 EPSS
Exploits 7
Huntr
added 2023/03/04 2:13 p.m. · 19 views

Remote Code Execution Vulnerability Through Unrestrict File Write

Description: In the import setting function, in the file Froxlor\lib\Froxlor\SImExporter.php: file_put_contents($imgfilename, $imgdata); if (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME_TYPE); $mimetype = finfo_file($finfo, $imgfilename); finfo_close($finfo); } else { $mimetype =...

6.5 CVSS · 8.4 AI score · 0.73247 EPSS
Exploits 1 · References 1
OSV
added 2023/02/27 8:15 p.m. · 1 views

CVE-2022-46723

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 2
Vulnrichment
added 2023/02/27 12:0 a.m. · 4 views

CVE-2022-46723

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files...

8.3 AI score · 0.00928 EPSS
Exploits 0 · References 2
CNNVD
added 2023/02/27 12:0 a.m. · 3 views

Apple macOS Security Vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Monterey before 12.6.1 and macOS Big Sur before 11.7.1. An attacker could exploit the vulnerability to write arbitrary files...

9.8 CVSS · 8.6 AI score · 0.00928 EPSS
Exploits 0 · References 3
Cvelist
added 2023/02/27 12:0 a.m. · 28 views

CVE-2022-22582

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files...

6.4 AI score · 0.17715 EPSS
Exploits 0 · References 3
F5 Networks
added 2023/02/21 6:59 p.m. · 21 views

K23985340: Spring Integration Zip vulnerability CVE-2018-1261

Security Advisory Description: Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the...

4.7 CVSS · 5.3 AI score · 0.01288 EPSS
Exploits 0
F5 Networks
added 2023/02/21 6:8 p.m. · 37 views

K17212: PHP vulnerability CVE-2014-5459

Security Advisory Description: The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions...

3.6 CVSS · 9.1 AI score · 0.00643 EPSS
Exploits 1
RedHat Linux
added 2023/02/21 10:42 a.m. · 1 views

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

7.8 CVSS · 7.3 AI score · 0.55367 EPSS
Exploits 20 · References 6
GithubExploit
added 2023/02/20 3:12 p.m. · 356 views

Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet Forti...

9.8 CVSS · 9.9 AI score · 0.99815 EPSS
Exploits 7
OSV
added 2023/02/16 6:15 p.m. · 2 views

CVE-2023-24484

A malicious user can cause log files to be written to a directory that they do not have permission to write to...

5.5 CVSS · 6.8 AI score · 0.00257 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/02/16 12:0 a.m. · 7 views

PT-2023-1417 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.7, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to incorrect external control of file name or path...

9.8 CVSS · 9.1 AI score · 0.99815 EPSS
Exploits 7 · References 28
ATTACKERKB
added 2023/02/16 12:0 a.m. · 53 views

CVE-2022-39952

An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

9.8 CVSS · 0.5 AI score · 0.99815 EPSS
In wild · Exploits 7 · References 4
SUSE CVE
added 2023/02/15 6:5 a.m. · 2 views

SUSE CVE-2008-5625

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file...

7.5 CVSS · 7.1 AI score · 0.07314 EPSS
Exploits 1 · References 5