Design/Logic Flaw
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...
CVE-2021-23772 Arbitrary File Write
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder...
CVE-2021-23772
CVE-2021-23772 affects all versions of github.com/kataras/iris and iris/v12, due to unsafe handling of filenames in UploadFormFiles that can allow writing to arbitrary locations outside the target folder. Multiple sources (Red Hat, SUSE, OSV, CVE listings) consistently describe a directory-traver...
Arbitrary File Write
Overview: github.com/kataras/iris is a fast, simple yet fully featured and very efficient web framework for Go. Affected versions of this package are vulnerable to Arbitrary File Write. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to...
Arbitrary File Write
Overview: github.com/kataras/iris/v12 is a fast, simple yet fully featured and very efficient web framework for Go. Affected versions of this package are vulnerable to Arbitrary File Write. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write t...
CVE-2021-35244
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution...
PT-2021-7988 · Emerson · Emerson Dixell Xweb-500
Name of the Vulnerable Software and Affected Versions: Emerson Dixell XWEB-500 (affected versions not specified). Description: The issue is related to an arbitrary file write vulnerability in the /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi API endpoints. This...
Adobe Connect Cross-Site Request Forgery Vulnerability
Adobe Connect is a software used to create meeting environments by Adobe. Adobe Connect suffers from a cross-site request forgery vulnerability that stems from the software's lack of token authentication for cross-site request forgery, which can be exploited by an attacker to trigger an arbitrary...
OpenOLAT Path Traversal Vulnerability
OpenOLAT is a web-based e-learning platform for teaching, learning, assessing and communicating with an LMS, a learning management system. A security vulnerability exists in versions of OpenOlat prior to 15.5.12 and 16.0.5, which stems from the fact that by providing a file name containing a...
CVE-2021-25511
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability...
CVE-2021-25511
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability...
Samsung SMR Path Traversal Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Dec-2021 Release 1, which can be exploited by an attacker to write arbitrary files via a path traversal vulnerabili...
CVE-2021-42133
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
CVE-2021-42133
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
Design/Logic Flaw
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
EUVD-2021-29118
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
CVE-2021-42133
CVE-2021-42133 affects Ivanti Avalanche prior to 6.3.3. The vulnerability is an exposed dangerous function that, if an attacker can reach the Inforail Service, enables arbitrary file write. Red Hat and NVD entries mirror the same description; ZDI additionally notes a remote code execution path th...
CVE-2021-42133
An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write...
Ivanti Avalanche Code Issue Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche that could be exploited by an attacker to perform arbitrary fil...
The vulnerability of the ECShop e-commerce center system, related to the failure to take measures to neutralize special elements used in SQL queries, allows a hacker to write arbitrary files.
The vulnerability of the ECShop e-commerce shopping center system lies in the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code by executing the admin/shophelp.php script with the id...