CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication...

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

CVE-2021-45420

Emerson Dixell XWEB-500 devices are affected by an unauthenticated arbitrary file-write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. Exploitation allows writing arbitrary files to the target system, with potential denial of service and remote ...

Emerson Xweb-500 授权问题漏洞

Emerson Xweb-500 is a data logging and remote monitoring system based on Web server technology from Emerson Electric Company USA. An authorization issue vulnerability exists in Emerson Xweb-500 that arises from the Emerson Dixell XWEB-500 product being affected by /cgi-bin/logoextraupload.cgi,...

XWiki File Write Vulnerability (GHSA-7ph6-5cmq-xgjq)

XWiki is prone to a file write vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

Sealevel Systems SeaConnect 370W File Writing Vulnerability

Sealevel Systems SeaConnect 370W is an Industrial Internet of Things Iiot edge device from Sealevel Systems, Inc. The Sealevel Systems SeaConnect 370W is vulnerable to a file-write vulnerability, which stems from the fact that the product's OTA update task feature does not effectively restrict...

Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write (cisco-sa-capic-frw-Nt3RYxR2)

According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a vulnerability in an API endpoint which could allow a remote, unauthenticated attacker to read or write arbitrary files on an affected system. Please see the included Cisco BIDs and Cisco...

CVE-2022-24677

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...

CVE-2022-22679

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in support service management in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors...

CVE-2021-21968

A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

Arbitrary file deletion

A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2021-21968

A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

CVE-2021-21968

CVE-2021-21968 affects Sealevel Systems SeaConnect 370W v1.3.34. The OTA update task allows a specially crafted MQTT payload to overwrite arbitrary files due to improper input validation in the OTA download logic (notably the dest field can create/open any file). This can enable a MITM attacker t...

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

GHSA-M22M-H4RF-PWQ3 Path Traversal in SharpZipLib

SharpZipLib or ziplib is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry ../evil.txt may be extracted in the parent directory of destFolder. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in version 1.3.3...

Exposure of Resource to Wrong Sphere in Zip-Local

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

GHSA-WXJ7-97FP-J53J Exposure of Resource to Wrong Sphere in Zip-Local

The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip which can lead to an extraction of a crafted file outside the intended extraction directory...

Sealevel Systems SeaConnect 370W 安全漏洞

Sealevel Systems SeaConnect 370W is an Industrial Internet of Things Iiot edge device from Sealevel Systems, Inc. The Sealevel Systems SeaConnect 370W is vulnerable to a file-write vulnerability, which stems from the fact that the product's OTA update task feature does not effectively restrict...

The vulnerability in the web interface of the software system for monitoring and managing Cisco Prime Infrastructure network equipment, as well as the Cisco Evolved Programmable Network Manager software for managing network services, allows a perpetrator to write arbitrary files.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software relates to deficiencies in path name checking for access-limited directories. Exploiting this vulnerability could allow a malicious actor to...