7184 matches found
CVE-2020-27466
CVE-2020-27466 affects rConfig 3.9.6. The vulnerability is in lib/AjaxHandlers/ajaxEditTemplate.php and is described as an arbitrary file write that allows an attacker to execute arbitrary code via a crafted file. Publicly available connected documents corroborate this as the core issue; however,...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview elFinder.NetCore is a file manager for Web. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. PoC Upload the...
Microsoft Exchange ProxyShell RCE
This module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication CVE-2021-31207, impersonate an arbitrary user CVE-2021-34523 and write an arbitrary file CVE-2021-34473 to achieve the RCE Remote Code Execution. By taking advantage of this...
apache-flink: directory traversal attack allows remote file writing through the REST API
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
Lucee Administrator imgProcess.cfm Arbitrary File Write Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...
Lucee Administrator imgProcess.cfm Arbitrary File Write
This module exploits an arbitrary file write in Lucee Administrator's imgProcess.cfm file to execute commands as the Tomcat user. Module Options msf use exploit/linux/http/luceeadminimgprocessfilewrite msf exploitluceeadminimgprocessfilewrite show targets ...targets... msf...
Lucee Administrator imgProcess.cfm Arbitrary File Write
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...
CVE-2021-32825
bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...
CVE-2021-32825
bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...
CVE-2021-22937
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...
CVE-2021-22937
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...
Design/Logic Flaw
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...
Design/Logic Flaw
bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...
CVE-2021-32825
CVE-2021-32825 pertains to bblfshd, an open-source self-hosted server for source code parsing. The vulnerability, a zipslip flaw in the unpacking routine, arises from unsafe handling of symbolic links, allowing an attacker to read or write outside the designated target folder. Impact can include ...
CVE-2021-22937
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...
CVE-2021-22937
CVE-2021-22937 affects Pulse Connect Secure (PCS) prior to version 9.1R12. An authenticated administrator could write arbitrary files by uploading a malicious archive via the administrator web interface, potentially enabling remote code execution with elevated privileges. Public advisories (Ivant...
Path Traversal
bblfshd is an open source self-hosted server for source code parsing. In bblfshd there is a zipslip vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may le...
bblfshd 后置链接漏洞
bblfshd is a cli tool for controlling installed drivers and querying the status of daemons. A backlink vulnerability exists in bblfshd, which stems from the incorrect handling of symbolic links during the unpacking process of the product, and can be exploited by an attacker to write a malicious...
CVE-2021-36942
Windows LSA Spoofing Vulnerability Recent assessments: jbaines-r7 at January 25, 2022 4:35pm UTC reported: Recently, I was attempting to combine James Forshaw’s remote EFSRPC file write “bug” with a local privilege escalation that I’d discovered. I was getting strange results. Working on one...
Foxit Reader and Foxit PhantomPDF Arbitrary File Write Vulnerability
Foxit Reader and Foxit PhantomPDF are both Chinese Foxit Foxit company a PDF document reader. An arbitrary file write vulnerability exists in Foxit Reader versions prior to 10.1.4 and PhantomPDF versions prior to 10.1.4, which stems from a failure to validate the CombineFiles pathname and can be...