
7185 matches found

CVE
added 2021/11/01 11:33 a.m. · 46 views

CVE-2021-25877

AVideo/YouPHPTube 10.0 and earlier is affected by an insecure file write vulnerability. An administrator-privileged user can write arbitrary files on the filesystem via the save.php file using the flag and code variables. Documented impact is ability to write files on the server filesystem, enabli...

CVSS 9 · AI score 7 · EPSS 0.03098
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2021/11/01 11:33 a.m. · 24 views

CVE-2021-25877

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php...

AI score 7.2 · EPSS 0.03098
Exploits 1 · References 3

CNNVD
added 2021/11/01 12:0 a.m. · 3 views

YouPHPTube Code Injection Vulnerability

YouPHPTube is a PHP-based video website system. YouPHPTube has a security vulnerability that originates from an administrator privileged user being able to write files on the file system using flags and code variables in file save.php...

CVSS 9 · AI score 7.1 · EPSS 0.03098
Exploits 1 · References 4

Positive Technologies
added 2021/11/01 12:0 a.m. · 3 views

PT-2021-16825 · Unknown · Avideo/Youphptube

Name of the Vulnerable Software and Affected Versions: AVideo/YouPHPTube versions 10.0 and prior Description: The issue allows an administrator-privileged user to write files on the filesystem using flag and code variables in the file save.php. This is due to insecure file write. Recommendations:...

CVSS 9 · AI score 6.9 · EPSS 0.03098
Exploits 1 · References 6

OSV
added 2021/10/28 7:15 p.m. · 0 views

CVE-2021-30833

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files...

CVSS 5.5 · AI score 6.2
Exploits 0 · References 3

Tenable Nessus
added 2021/10/28 12:0 a.m. · 185 views

PHP 7.3.x < 7.3.31 Arbitrary File Write

The version of PHP installed on the remote host is 7.3.x prior to 7.3.31. It is, therefore, affected by a vulnerability as referenced in the version 7.3.31 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...

CVSS 6.5 · AI score 7 · EPSS 0.01342
Exploits 0 · References 3

Tenable Nessus
added 2021/10/28 12:0 a.m. · 293 views

PHP 7.4.x < 7.4.24 Arbitrary File Write

The version of PHP installed on the remote host is 7.4.x prior to 7.4.25. It is, therefore, affected by a vulnerability as referenced in the version 7.4.24 advisory. In the Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when...

CVSS 6.5 · AI score 7 · EPSS 0.01342
Exploits 0 · References 3

Cvelist
added 2021/10/27 6:55 p.m. · 13 views

CVE-2021-34761 Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete...

CVSS 4.4 · AI score 6.3 · EPSS 0.00207
Exploits 0 · References 1

OSV
added 2021/10/22 4:19 p.m. · 11 views

GHSA-4365-FHM5-QCRX Maliciously Crafted Model Archive Can Lead To Arbitrary File Write

Impact: An Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a maliciously crafted archive file. Patches: The vulnerability is fixed ...

CVSS 7.3 · AI score 6.9 · EPSS 0.00734
Exploits 0 · References 4

Veracode
added 2021/10/22 3:17 a.m. · 13 views

Arbitrary File Write

rasa is vulnerable to arbitrary file write. A malicious user is able to cause arbitrary file writes within specific directories via a trained model which contains a crafted model.tar.gz file...

CVSS 7.3 · AI score 4 · EPSS 0.00734
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2021/10/21 8:15 p.m. · 16 views

CVE-2021-41127 Maliciously Crafted Model Archive Can Lead To Arbitrary File Write in rasa

Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...

CVSS 7.3 · AI score 7.2 · EPSS 0.00734
Exploits 0 · References 2

OpenVAS
added 2021/10/19 12:0 a.m. · 25 views

Zoom Client < 4.6.12 Multiple Vulnerabilities (Jun 2020)

The Zoom Client is prone to multiple vulnerabilities...

CVSS 9.8 · AI score 7.5 · EPSS 0.04914
Exploits 2 · References 3

Huntr
added 2021/10/13 3:44 p.m. · 12 views

in mostafa-samir/zip-local

Description: zip-local is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip).
Proof of Concept:
// PoC.js
var zipper = require('zip-local');
zipper.unzip("zipslip.zip", function(error, unzipped) {
    if(!error) {
        // extract to the current working directory
        unzipped.save(null, function() { });
        var...

AI score 0.7
Exploits 0 · References 1

Positive Technologies
added 2021/10/11 12:0 a.m. · 6 views

PT-2021-7669 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier Adobe ColdFusion versions Update 4 and earlier Description: The issue exists due to improper limitation of a pathname to a restricted directory, allowing for path traversal. This could result in...

CVSS 8.3 · AI score 6.8 · EPSS 0.45159
Exploits 0 · References 5

VulnCheck KEV
added 2021/10/07 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2021-21983

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying photon operating system...

CVSS 8.5 · AI score 7.1 · EPSS 0.68557
Exploits 9 · References 1

CNNVD
added 2021/10/07 12:0 a.m. · 4 views

Sophos HitmanPro Security Vulnerability

Sophos HitmanPro is an excellent multi-engine cloud anti-virus scanner from Sophos UK. Sophos HitmanPro suffers from a security vulnerability that stems from a lack of authentication, access control, permission management and other security measures in the network system or product, which could be...

CVSS 6 · AI score 6.3 · EPSS 0.00222
Exploits 0 · References 2

NVD
added 2021/10/06 6:15 p.m. · 13 views

CVE-2021-25485

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket...

CVSS 8 · EPSS 0.00177
Exploits 0 · References 1

Prion
added 2021/10/06 6:15 p.m. · 20 views

Path traversal

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket...

CVSS 5.8 · AI score 7.8 · EPSS 0.00177
Exploits 0 · References 1 · Affected Software 1

OSV
added 2021/10/05 5:53 p.m. · 28 views

GHSA-4CFR-GJFX-FJ3X Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 8.7 · AI score 8.5 · EPSS 0.68635
Exploits 0 · References 6

Github Security Blog
added 2021/10/05 5:53 p.m. · 46 views

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 7.5 · AI score 4.3 · EPSS 0.68635
Exploits 0 · References 5 · Affected Software 1