CVE-2021-1297 Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected...

Cisco Multiple Routers RESTCONF file-upload Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The...

Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected...

Arbitrary File Write

django is vulnerable to arbitrary file write. The vulnerability exists through the django.utils.archive.extract function, used by startapp --template and startproject --template, to extract files with absolute paths or relative paths, out of the application root directory...

CentOS 8 : nodejs:10 (CESA-2020:0579)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0579 advisory. - nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string CVE-2019-15604 - nodejs: HTTP request smuggling using...

Metasploit Wrap-Up

MobileIron MDM Hessian-Based Java Deserialization RCE Our very own wvu-r7 has added exploits/linux/http/mobileironmdmhessianrce, which exploits an ACL bypass in MobileIron MDM products to execute a Java deserialization attack using a Groovy gadget against a Hessian based endpoint. CVE-2020-15505...

PEAR Archive_Tar 1.4.10 Arbitrary File Write

This module takes advantages of ArchiveTar use exploit/multi/fileformat/archivetararbfilewrite msf exploitarchivetararbfilewrite show targets ...targets... msf exploitarchivetararbfilewrite set TARGET msf exploitarchivetararbfilewrite show options ...show and set options... msf...

Deislabs Oras Backlink Vulnerability

Deislabs Oras is a Go-based software from the Deislabs team for pushing OCI packages to the registered end. Deislabs Oras suffers from a backlink vulnerability that can be exploited by an attacker to write or overwrite specific files on a host file system other than the user's...

PEAR Archive_Tar Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/tar' class MetasploitModule 'PEAR ArchiveTar %q This module takes advantages of ArchiveTar MSFLICENSE, 'Author' = 'gwillcox-r7', Metasploit module...

CVE-2020-8567

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

Cisco SD-WAN vManage Path Traversal Vulnerability (CNVD-2021-05395)

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A path traversal vulnerability exists in the Web management interface of Cisco SD-WAN vManage versions prior to 18.2.0. The vulnerability stems from insufficient authentication of HTTP...

Cisco SD-WAN vManage Software 路径遍历漏洞

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A path traversal vulnerability exists in the Web management interface of Cisco SD-WAN vManage versions prior to 18.2.0. The vulnerability stems from insufficient authentication of HTTP...

Microsoft Spooler Local Privilege Elevation Exploit

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...

Microsoft Spooler Local Privilege Elevation Vulnerability

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...

CVE-2021-21251

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...

CVE-2021-21251

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...

Design/Logic Flaw

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...

OSV-2017-13 Heap-buffer-overflow in File::Write

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4293 Crash type: Heap-buffer-overflow READ Crash state: File::Write ComprDataIO::UnpWrite CmdExtract::UnstoreFile...

CVE-2020-17518

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

Arbitrary File Write

flink-runtime is vulnerable to arbitrary file write. The vulnerability exists as files can be written to any accessible location through the modified value of HTTP HEADER...