7192 matches found
GHSA-65V6-3C9M-HMRP Arbitrary file write in net.mingsoft:ms-mcms
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do...
CVE-2022-39045
A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-39045
Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 is affected by TALOS-2022-1611/CVE-2022-39045. A file-write vulnerability exists in the httpd upload.cgi functionality that, due to lack of filename sanitization, allows path traversal to overwrite arbitrary files. An uploaded file can be written...
CVE-2022-47042
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do...
PT-2023-13677 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: A file write issue exists in the httpd upload.cgi functionality. This can be triggered by a specially-crafted HTTP request, leading to arbitrary file upload. An attacker can...
Siretta QUARTZ-GOLD httpd upload.cgi file write vulnerability
Talos Vulnerability Report TALOS-2022-1611 Siretta QUARTZ-GOLD httpd upload.cgi file write vulnerability January 26, 2023 CVE Number CVE-2022-39045 SUMMARY A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HT...
CVE-2022-29844 Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.10013)
The version of AHV installed on the remote host is prior to 20220304.10013. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.10013 advisory. - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - In Expat...
CVE-2022-47042
CVE-2022-47042 affects MingSoft MCMS v5.2.10 and earlier. The vulnerability is an arbitrary file write via the component path ms/template/writeFileContent.do. Root cause described as an unrestricted file write in that endpoint, enabling an attacker to write arbitrary files. The CVSS 3.1 base met...
PT-2023-15143 · Mcms · Mcms
Name of the Vulnerable Software and Affected Versions: MCMS versions 5.2.10 and below Description: The issue allows for an arbitrary file write via the ms/template/writeFileContent.do endpoint. Recommendations: For MCMS versions 5.2.10 and below, at the moment, there is no information about a new...
sudo: arbitrary file write with privileges of the RunAs user
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...