7192 matches found

Positive Technologies
added 2022/09/22 12:0 a.m. · 2 views

PT-2022-25193 · Unknown · Simple College Website

Name of the Vulnerable Software and Affected Versions: Simple College Website version 1.0
Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, leveraging an arbitrary file write vulnerability. This is achieved through the file put contents function...

9.8 CVSS · 9.6 AI score · 0.01323 EPSS
Exploits 1 · References 6

RedHat Linux
added 2022/09/21 2:3 p.m. · 3 views

jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

7.5 CVSS · 6.2 AI score · 0.01456 EPSS
Exploits 0 · References 5

CNNVD
added 2022/09/20 12:0 a.m. · 4 views

Safe Software FME Server Path Traversal Vulnerability

Safe Software FME Server is a web-based data conversion application from Safe Software Canada Inc. It is used to automate data and application integration workflows in a code-free environment. Safe Software FME Server suffers from a path traversal vulnerability that stems from a validation check...

9.1 CVSS · 7.2 AI score · 0.00944 EPSS
Exploits 0 · References 4

RedHat Linux
added 2022/09/19 11:53 a.m. · 1 views

rsync: remote arbitrary files write inside the directories of connecting peers

A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...

7.4 CVSS · 7.4 AI score · 0.0165 EPSS
Exploits 1 · References 5

Check Point Advisories
added 2022/09/18 12:0 a.m. · 10 views

QNAP NAS Photo Station Arbitrary File Write (CVE-2022-27593)

An arbitrary file write vulnerability exists in QNAP NAS Photo Station. Successful exploitation of this vulnerability could result in code execution on the affected system...

3.1 AI score · 0.87908 EPSS
Exploits 0

Huntr
added 2022/09/15 11:31 p.m. · 30 views

Remote Code Execution (RCE) via Arbitrary File Write and Path Traversal

Description: Immich constructs the path, filename, and file extension of uploaded files from improperly sanitized user input. Therefore, the upload function is vulnerable to a path traversal attack leading to arbitrary file write. This can lead to RCE by overwriting JavaScript files. Proof of...

0.5 AI score
Exploits 0 · References 1

ATTACKERKB
added 2022/09/12 4:15 a.m. · 1 views

CVE-2022-34109

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto, regardless of file type or size...

7.1 CVSS · 6.8 AI score · 0.00319 EPSS
Exploits 3 · References 4

OSV
added 2022/09/12 4:15 a.m. · 1 views

CVE-2022-34109

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto, regardless of file type or size...

7.1 CVSS · 5.9 AI score · 0.00319 EPSS
Exploits 3 · References 3

NVD
added 2022/09/12 4:15 a.m. · 8 views

CVE-2022-34109

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto, regardless of file type or size...

7.1 CVSS · 0.00304 EPSS
Exploits 3 · References 3

Prion
added 2022/09/12 4:15 a.m. · 9 views

Design/Logic Flaw

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto, regardless of file type or size...

3.2 CVSS · 7 AI score · 0.00319 EPSS
Exploits 3 · References 3 · Affected Software 1

Cvelist
added 2022/09/12 3:58 a.m. · 15 views

CVE-2022-34109

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto, regardless of file type or size...

7.2 AI score · 0.00319 EPSS
Exploits 3 · References 3

CVE
added 2022/09/12 3:58 a.m. · 47 views

CVE-2022-34109

CVE-2022-34109 affects MSI Feature Navigator v1.0.1808.0901; the issue allows local attackers to write arbitrary files into the PromoPhoto directory, enabling potential arbitrary file write. CVE-2022-34110 enables attackers to download arbitrary files, also affecting the same MSI component. CVE-2...

7.1 CVSS · 7 AI score · 0.00319 EPSS
Exploits 3 · References 3 · Affected Software 1

OSV
added 2022/09/12 12:0 a.m. · 0 views

GHSA-P2F7-9CV7-JJF6 Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations

This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...

8.8 CVSS · 7.8 AI score · 0.01734 EPSS
Exploits 1 · References 4

Cvelist
added 2022/09/11 1:45 p.m. · 25 views

CVE-2022-26049 Arbitrary File Write via Archive Extraction (Zip Slip)

This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...

5.3 CVSS · 9.1 AI score · 0.01734 EPSS
Exploits 1 · References 3

OSV
added 2022/09/10 12:0 a.m. · 36 views

GHSA-9VM3-R8GQ-CR6X Casdoor arbitrary file write vulnerability

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...

9.1 CVSS · 9.3 AI score · 0.00965 EPSS
Exploits 1 · References 6

Github Security Blog
added 2022/09/10 12:0 a.m. · 27 views

Casdoor arbitrary file write vulnerability

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...

9.1 CVSS · 9 AI score · 0.00965 EPSS
Exploits 1 · References 6 · Affected Software 1

ATTACKERKB
added 2022/09/09 8:15 p.m. · 3 views

CVE-2022-38638

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...

9.1 CVSS · 5.9 AI score · 0.00965 EPSS
Exploits 1 · References 2

OSV
added 2022/09/09 8:15 p.m. · 12 views

CVE-2022-38638

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...

9.1 CVSS · 9.4 AI score
Exploits 0 · References 1

NVD
added 2022/09/09 8:15 p.m. · 25 views

CVE-2022-38638

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...

9.1 CVSS · 0.00965 EPSS
Exploits 1 · References 1

CVE
added 2022/09/09 7:40 p.m. · 335 views

CVE-2022-38638

Casdoor v1.97.3 is affected by an arbitrary file-write vulnerability exploitable via the fullFilePath parameter in /api/upload-resource. The CVE-2022-38638 entry is rated CRITICAL (CVSS 3.1: AV=N, AC=L, PR=N, UI=N, S=U, C=N, I=H, A=H) with network access and no user interaction. Root cause, impac...

9.1 CVSS · 9.3 AI score · 0.00965 EPSS
Exploits 1 · References 1 · Affected Software 1