
7184 matches found

CNVD
added 2021/06/02 12:0 a.m. | 8 views

Synology Docker Path Traversal Vulnerability

Docker is an open source application container engine. It supports creating a container lightweight virtual machine and deploying and running applications on a Linux system, as well as automating the installation, deployment, and upgrading of applications through configuration files. A path...

7.9 CVSS | 6.9 AI score | 0.00285 EPSS
Exploits 0 | References 1
GithubExploit
added 2021/05/27 3:44 p.m. | 54 views

Exploit for Argument Injection in Dragonfly_Project Dragonfly

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 Argument...

9.8 CVSS | 9.6 AI score | 0.72249 EPSS
Exploits 4
OSV
added 2021/05/27 12:15 p.m. | 1 views

CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface...

7.2 CVSS | 7.4 AI score | 0.14146 EPSS
Exploits 0 | References 2
NVD
added 2021/05/27 12:15 p.m. | 15 views

CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface...

7.2 CVSS | 0.14146 EPSS
Exploits 0 | References 2
Prion
added 2021/05/27 12:15 p.m. | 25 views

Design/Logic Flaw

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface...

6.5 CVSS | 6.8 AI score | 0.14146 EPSS
Exploits 0 | References 1 | Affected Software 2
CVE
added 2021/05/27 11:15 a.m. | 1046 views

CVE-2021-22900

Pulse Connect Secure (PCS) before 9.1R11.4 is affected by CVE-2021-22900, which allows an authenticated administrator to write files via a malicious archive upload in the admin web interface due to an unrestricted upload vulnerability. The IVANTI advisory SA44784 consolidates multiple PCS CVEs an...

7.2 CVSS | 7.9 AI score | 0.14146 EPSS
In wild | Exploits 0 | References 2 | Affected Software 2
ATTACKERKB
added 2021/05/27 12:0 a.m. | 57 views

CVE-2021-22900

A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. Recent assessments: Assessed Attacker Value: 0...

7.2 CVSS | 8.1 AI score | 0.14146 EPSS
In wild | Exploits 0 | References 2
CNNVD
added 2021/05/26 12:0 a.m. | 4 views

ytnef Path Traversal Vulnerability

ytnef is a TNEF (Transport Neutral Encapsulation Format) stream reader for winmail.dat files. YTNEF suffers from a security vulnerability that stems from. An attacker could use a crafted email to cause these applications to write data to an arbitrary location on the file system, crash, or execute...

7.8 CVSS | 7.8 AI score | 0.01612 EPSS
Exploits 0 | References 2
Packet Storm
added 2021/05/26 12:0 a.m. | 2125 views

ProFTPd 1.3.5 Remote Command Execution

Exploit Title: ProFTPd 1.3.5 - 'modcopy' Remote Command Execution 2 Date: 25/05/2021 Exploit Author: Shellbr3ak Version: 1.3.5 Tested on: Ubuntu 16.04.6 LTS CVE : CVE-2015-3306 !/usr/bin/env python3 import sys import socket import requests def exploitclient, target: client.connecttarget,21...

10 CVSS | 0.2 AI score | 0.96803 EPSS
Exploits 21
GithubExploit
added 2021/05/25 2:48 a.m. | 107 views

Exploit for Argument Injection in Dragonfly_Project Dragonfly

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 Argument...

9.8 CVSS | 9.6 AI score | 0.72249 EPSS
Exploits 4
CNVD
added 2021/05/24 12:0 a.m. | 7 views

Plone Arbitrary File Write Vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. An arbitrary file write vulnerability exists in Plone 5.2.4 and earlier versions. A remote attacker can exploit this vulnerability to perform disk I/O via specially crafted keyword arguments converted by...

9.9 CVSS | 6.8 AI score | 0.0204 EPSS
Exploits 0 | References 1
CNNVD
added 2021/05/21 12:0 a.m. | 1 views

Plone Security Vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. An arbitrary file write vulnerability exists in Plone 5.2.4 and earlier versions. A remote attacker can exploit this vulnerability to perform disk I/O via specially crafted keyword arguments converted by...

9.9 CVSS | 8.6 AI score | 0.0204 EPSS
Exploits 0 | References 3
0day.today
added 2021/05/21 12:0 a.m. | 172 views

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q This module scan for...

9.8 CVSS | 0.99999 EPSS
Exploits 65
BDU FSTEC
added 2021/05/20 12:0 a.m. | 1 views

Vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are caused by privilege management errors, allowing attackers to write arbitrary files to the device’s file system.

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are due to privilege management errors. Exploiting these vulnerabilities can allow an attacker to remotely write arbitrary files...

10 CVSS | 7.9 AI score | 0.03373 EPSS
Exploits 0 | References 3
CNNVD
added 2021/05/19 12:0 a.m. | 2 views

Cisco Multiple Products Security Vulnerability

Cisco Prime Infrastructure is a software application from Cisco USA. It is used to simplify the management of wireless and wired networks. A security vulnerability exists in several Cisco products, which can be exploited by an attacker to identify directories and write arbitrary files to the file...

4.4 CVSS | 5.2 AI score | 0.00212 EPSS
Exploits 0 | References 5
OSV
added 2021/05/18 6:28 p.m. | 22 views

GHSA-75QF-WGFJ-V652 github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions up to and including version 0.7.0 of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...

7.5 CVSS | 7.4 AI score | 0.0183 EPSS
Exploits 1 | References 5
Github Security Blog
added 2021/05/18 6:28 p.m. | 60 views

github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions up to and including version 0.7.0 of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...

7.5 CVSS | 7.3 AI score | 0.0183 EPSS
Exploits 1 | References 6 | Affected Software 1
Veracode
added 2021/05/16 2:12 p.m. | 19 views

Arbitrary File Write

SABnzbd allows arbitrary file write. The filesystem.renamer function allows writing of downloaded files outside the configured download folder using a malicious PAR2 file...

5.3 CVSS | 2.3 AI score | 0.00919 EPSS
Exploits 0 | References 2 | Affected Software 1
NVD
added 2021/05/14 9:15 p.m. | 13 views

CVE-2020-27833

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

7.1 CVSS | 0.01664 EPSS
Exploits 0 | References 2
Prion
added 2021/05/14 9:15 p.m. | 10 views

Design/Logic Flaw

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image .tar file which contains symbolic links. The vulnerability is limited to the command oc image extract. If a symbolic link is first...

4.6 CVSS | 7.3 AI score | 0.01664 EPSS
Exploits 0 | References 2 | Affected Software 1