7184 matches found
Arbitrary file deletion
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...
CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system...
CVE-2021-21983
CVE-2021-21983 is an authenticated arbitrary file write vulnerability in the VMware vRealize Operations Manager API (pre-8.4). A network‑accessible attacker can leverage the API to write files to arbitrary locations on the underlying Photon OS, potentially enabling code execution as illustrated i...
VMware vRealize Operations 安全漏洞
VMware vRealize Operations is an application from vmware, Inc. A unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. An arbitrary file write vulnerability exists in the vRealize Operations Manager API prior to version 8....
CVE-2021-21983
Arbitrary file write vulnerability in vRealize Operations Manager API CVE-2021-21983 prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. Recent...
VMware vRealize Operations Manager 任意文件写入漏洞(CVE-2021-21983)
...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
3a. Server Side Request Forgery in vRealize Operations Manager API CVE-2021-21975 The vRealize Operations Manager API contains a Server Side Request Forgery. VMware has evaluated this issue to be of 'Important' severity with a maximum CVSSv3 base score of 8.6. 3b. Arbitrary file write vulnerabili...
VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)
1. Impacted Products VMware vRealize Operations VMware Cloud Foundation vRealize Suite Lifecycle Manager 2. Introduction Multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware. Patches and Workarounds are available to address these vulnerabilities in impacted...
VMSA-2021-0004:VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities
Advisory ID: VMSA-2021-0004.2 CVSSv3 Range: 7.2 - 8.6 Issue Date:2021-03-30 Updated On: 2021-08-24 CVEs: CVE-2021-21975, CVE-2021-21983 Synopsis: VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities CVE-2021-21975, CVE-2021-21983 RSS Feed...
Advantech iView Unauthenticated Remote Code Execution
This module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITY\SYSTEM. This issue was demonstrated in the...
Microsoft Exchange ProxyLogon RCE
This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you can execute...
ShuipFCMS suffers from an arbitrary file write vulnerability (CNVD-2021-24708)
ShuipFCMS is a content management system based on ThinkPHP framework as the core and developed in an independent grouping approach. ShuipFCMS has an arbitrary file write vulnerability that can be exploited by attackers to gain server privileges...
Microsoft Exchange ProxyLogon Remote Code Execution Exploit
This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you...
Microsoft Exchange 2019 SSRF / Arbitrary File Write
import requests from urllib3.exceptions import InsecureRequestWarning import random import string import sys def idgeneratorsize=6, chars=string.asciilowercase + string.digits: return ''.joinrandom.choicechars for in rangesize if lensys.argv " print"使用方式: python PoC.py mail.btwaf.cn [email protected]...
Hestia Control Panel 1.3.2 Arbitrary File Write
Title: Hestia Control Panel 1.3.2 - Arbitrary File Write Date: 07.03.2021 Author: Numan Türle Vendor Homepage: https://hestiacp.com/ Software Link: https://github.com/hestiacp/hestiacp Version: 1.3.3 Tested on: HestiaCP Version 1.3.2 curl --location --request POST...
Hestia Control Panel 1.3.2 - Arbitrary File Write Vulnerability
Title: Hestia Control Panel 1.3.2 - Arbitrary File Write Author: Numan Türle Vendor Homepage: https://hestiacp.com/ Software Link: https://github.com/hestiacp/hestiacp Version: 1.3.3 Tested on: HestiaCP Version 1.3.2 curl --location --request POST 'https://TARGET:8083/api/index.php' \ --form...
Hestia Control Panel 1.3.2 - Arbitrary File Write
Title: Hestia Control Panel 1.3.2 - Arbitrary File Write Date: 07.03.2021 Author: Numan Türle Vendor Homepage: https://hestiacp.com/ Software Link: https://github.com/hestiacp/hestiacp Version: 1.3.3 Tested on: HestiaCP Version 1.3.2 curl --location --request POST...
Exploit for Server-Side Request Forgery in Microsoft
ProxyLogon-CVE-2021-26855-metasploit CVE-2021-26855 proxyLogon...
PHP <= 5.6.0 'PEAR' Symlink Attack Vulnerability
PHP is prone to a symlink attack vulnerability in the included PEAR installer. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Code injection
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...