7192 matches found

Zero Day Initiative
added 2022/11/21 12:0 a.m. · 21 views

(Pwn2Own) Microsoft Teams electronSafeIpc Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization. The specific flaw exists within the communication API. The issue lies in the handling o...

8.8 CVSS · 3.6 AI score
Exploits 0 · References 1
0day.today
added 2022/11/21 12:0 a.m. · 452 views

F5 BIG-IP iControl Cross Site Request Forgery Exploit

This Metasploit module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations...

8.8 CVSS · 8.9 AI score · 0.87987 EPSS
Exploits 9
Packet Storm
added 2022/11/21 12:0 a.m. · 470 views

F5 BIG-IP iControl Cross Site Request Forgery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP iControl CSRF File Write SOAP API', 'Description' = %q This module exploits a cross-site request forgery CSRF vulnerability in F5...

0.7 AI score · 0.87987 EPSS
Exploits 9
Metasploit
added 2022/11/19 7:50 p.m. · 261 views

F5 BIG-IP iControl CSRF File Write SOAP API

This module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations are...

8.7 CVSS · 8.9 AI score · 0.62406 EPSS
Exploits 8
NVD
added 2022/11/17 11:15 p.m. · 16 views

CVE-2022-38165

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server...

9.8 CVSS · 0.00828 EPSS
Exploits 0 · References 1
Prion
added 2022/11/17 11:15 p.m. · 12 views

Design/Logic Flaw

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server...

7.5 CVSS · 9.4 AI score · 0.00828 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/11/17 12:0 a.m. · 11 views

CVE-2022-38165

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server...

7.3 AI score · 0.00828 EPSS
Exploits 0 · References 1
Cvelist
added 2022/11/17 12:0 a.m. · 13 views

CVE-2022-38165

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server...

9.6 AI score · 0.00828 EPSS
Exploits 0 · References 1
CVE
added 2022/11/17 12:0 a.m. · 60 views

CVE-2022-38165

The CVE-2022-38165 entry concerns Arbitrary file write in F-Secure Policy Manager (and WithSecure rebrand) prior to 2022-08-10. An unauthenticated attacker could write arbitrary files to arbitrary locations on the Policy Manager Server. Publicly available connected documents corroborate the flaw’...

9.8 CVSS · 9.3 AI score · 0.00828 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/11/17 12:0 a.m. · 4 views

PT-2022-24252 · F Secure · F-Secure Policy Manager +1

Name of the Vulnerable Software and Affected Versions: F-Secure Policy Manager versions prior to 2022-08-10; WithSecure versions prior to 2022-08-10. Description: The issue allows unauthenticated users to perform an arbitrary file write, enabling them to write files with arbitrary contents in vario...

9.8 CVSS · 9.3 AI score · 0.00828 EPSS
Exploits 0 · References 3
CNNVD
added 2022/11/17 12:0 a.m. · 3 views

F-Secure Policy Manager Security Vulnerability

F-Secure Policy Manager is an enterprise security solution from Finnish company F-Secure. A security vulnerability exists in F-Secure Policy Manager that originates from a file whose contents can be written in any location by an unauthenticated user, which can be exploited by an attacker to write...

9.8 CVSS · 8.4 AI score · 0.00828 EPSS
Exploits 0 · References 2
CNNVD
added 2022/11/16 12:0 a.m. · 3 views

BACKCLICK Path Traversal Vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...

9.8 CVSS · 8.2 AI score · 0.01877 EPSS
Exploits 1 · References 4
OSV
added 2022/11/15 9:20 p.m. · 2 views

CLSA-2022-1668547209 xz: Fix of CVE-2022-1271

CVE-2022-1271: Fix arbitrary file write vulnerability in xzgrep utility...

8.8 CVSS · 7 AI score · 0.04301 EPSS
Exploits 0 · References 1
OSV
added 2022/11/15 9:12 p.m. · 2 views

CLSA-2022-1668546739 xz: Fix of CVE-2022-1271

CVE-2022-1271: Fix arbitrary file write vulnerability in xzgrep utility...

8.8 CVSS · 7.3 AI score · 0.04301 EPSS
Exploits 0 · References 1
RedHat Linux
added 2022/11/15 3:20 p.m. · 8 views

samba: server memory information leak via SMB1

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...

4.3 CVSS · 6.6 AI score · 0.00962 EPSS
Exploits 0 · References 5
GithubExploit
added 2022/11/11 8:58 p.m. · 449 views

Exploit for Path Traversal in Zimbra Collaboration

CVE-2022-41352 Zimbra Unauthenticated RCE CVE-2022-41352...

9.8 CVSS · 9.8 AI score · 0.95478 EPSS
Exploits 7
Hacker One
added 2022/11/09 7:39 p.m. · 13 views

MetaMask: Arbitrary file write triggered by deeplink abuse - MetaMask Android

A vulnerability was discovered in the MetaMask Android app that allowed for arbitrary files to be written to disk. Attackers were able to exploit this vulnerability by deeplinking into MetaMask's in-app browser and triggering the immediate download of an attacker-supplied file. Users were not...

7.1 AI score
Exploits 0
Veracode
added 2022/11/08 3:35 a.m. · 34 views

Arbitrary File Write

Apache Ivy is vulnerable to arbitrary file write. The vulnerability exists due to the unpack function in ZipPacking.java not properly verifying the target path when extracting an artifact archive, allowing an attacker to write files to any location on the file system through the absolute paths or...

9.1 CVSS · 8.8 AI score · 0.01819 EPSS
Exploits 0 · References 4 · Affected Software 2
Positive Technologies
added 2022/11/08 12:0 a.m. · 6 views

PT-2022-5515 · Microsoft · Windows System Monitor

Name of the Vulnerable Software and Affected Versions: Microsoft Windows System Monitor (Sysmon), affected versions not specified. Description: The issue is related to insufficient access control in the Microsoft Windows System Monitor Sysmon service, which can allow an attacker to elevate their...

7.8 CVSS · 8.1 AI score · 0.01082 EPSS
Exploits 0 · References 11
NVD
added 2022/11/07 11:15 a.m. · 16 views

CVE-2022-37865

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...

9.1 CVSS · 0.01819 EPSS
Exploits 0 · References 2