7189 matches found
WordPress plugin Import any XML or CSV File to WordPress Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Import any XML or CSV File to...
SolarWinds Orion Arbitrary File Write (CVE-2020-27871)
An arbitrary file write vulnerability exists in SolarWinds Network Configuration Manager. The vulnerability is due to insufficient validation of file types for vulnerability announcement data files in VulnerabilitySettings.aspx, combined with a lack of restriction on destination paths. A remote,...
CVE-2022-38582
Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files...
Watchdog Antivirus Security Vulnerability
Watchdog Antivirus is an anti-malware program from Watchdog, designed to neutralize viruses, trojans, rootkits, worms, spyware and adware. A security vulnerability exists in Watchdog Antivirus version v1.4.158, which stems from incorrect access control in the anti-virus driver wsdkd.sys, allowing...
PT-2022-24470 · Unknown · Watchdog Anti-Virus
Name of the Vulnerable Software and Affected Versions: Watchdog Antivirus version 1.4.158 Description: The issue is related to incorrect access control in the anti-virus driver wsdkd.sys, which allows attackers to write arbitrary files. Recommendations: For Watchdog Antivirus version 1.4.158,...
Amazon Linux 2022 : xz, xz-devel, xz-libs (ALAS2022-2022-187)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-187 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...
Amazon Linux 2022 : gzip (ALAS2022-2022-188)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-188 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...
CVE-2022-20955
The CVE-2022-20955 issue affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software. The root cause is improper access controls on local file system assets and the CLI, enabling authenticated, local attackers to overwrite arbitrary files via symbolic links and to pe...
CVE-2022-20954 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...
CVE-2022-27623
Summary (CVE-2022-27623): Synology DiskStation Manager (DSM) prior to version 7.1-42661 is affected by a missing authentication for a critical function in the iSCSI management feature. This allows remote attackers to read or write arbitrary files via unspecified vectors. The issue is documented ...
Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.c Vulnerability: Remote File Write Code Execution Description: The...
CVE-2022-20776
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...
PT-2022-5341 · Cisco · Cisco Roomos +1
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Collaboration Endpoint CE Software affected versions not specified Cisco RoomOS Software affected versions not specified Description: The issue is related to incorrect directory path restriction in the xAPI component of the...
CVE-2022-3368
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556...
CVE-2022-38424
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
Adobe ColdFusion Buffer Error Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and a scripting language. Adobe ColdFusion has a security vulnerability. An attacker can exploit the vulnerability to execute...
Exploit for Path Traversal in Zimbra Collaboration
cve-2022-41352 generate poc.tar $ chmod +x cpiopocgen...
EulerOS Virtualization 3.0.6.0 : gzip (EulerOS-SA-2022-2563)
According to the versions of the gzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file nam...
EulerOS Virtualization 3.0.6.0 : xz (EulerOS-SA-2022-2597)
According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name...