Arbitrary File Write Vulnerability in Jinhe OA-C6
Jinhe OA system product C6 collaborative management platform has more than 20 application modules, more than 160 application sub-modules, involving enterprise management business including collaborative office management, human resource management, project management, customer relationship...
CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
CVE-2020-25989
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges...
Privilege escalation
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges...
CVE-2020-25989
The CVE-2020-25989 entry concerns pritunl's Electron client (versions 1.0.1116.6 up to 1.2.2550.20). The issue is a privilege-escalation via arbitrary file write that may allow code execution with root privileges on the affected system. The connected documents confirm the vulnerability class and ...
TestBox CFML Test Framework 4.1.0 Arbitrary File Write / Code Execution
Title: TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution; Author: Darren King; Date: 2020-07-23; Vendor Homepage: https://www.ortussolutions.com/products/testbox; Software Link: https://www.ortussolutions.com/parent/download/testbox?version=3.1.0; Version: 2.4.0 throu...
Pritunl-client Backlink Vulnerability
Pritunl-client is an open source OpenVPN client application from US-based Pritunl. A backlink vulnerability exists in pritunl electron client versions 1.0.1116.6 through v1.2.2550.20, which originates from an arbitrary file write. An attacker can exploit this vulnerability to execute code with ro...
TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution
Title: TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution; Author: Darren King; Date: 2020-07-23; Vendor Homepage: https://www.ortussolutions.com/products/testbox; Software Link: https://www.ortussolutions.com/parent/download/testbox?version=3.1.0; Version: 2.4.0 throu...
python-pip security update
9.0.3-18 - Patch for pip install allow directory traversal, leading to arbitrary file write Resolves: rhbz1868016 9.0.3-17 - Remove unused CA bundle from the bundled requests library Resolves: rhbz1775200...
CVE-2020-27128
The Cisco SD-WAN vManage Software Arbitrary File Creation vulnerability (CVE-2020-27128) affects the application data endpoints and stems from improper validation of API requests, enabling an authenticated, remote attacker to perform directory traversal and write arbitrary files to an attacker-co...
CVE-2020-15708 Libvirt Service Arbitrary File Write Privilege Escalation Vulnerability
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...
Arbitrary File Write
file-roller is vulnerable to arbitrary file write. The vulnerability exists through a directory symlink pointing outside of the target directory...
CVE-2020-27128
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by...
Command Execution Vulnerability in 162100 Website Navigation 3
162100 URL Navigation 3 is website source code for a URL navigation site, developed in PHP+MySQL. 162100 URL Navigation 3 has a command execution vulnerability. An attacker can exploit the vulnerability to write to a PHP file, resulting in command execution...
Nagios XI Command Injection Vulnerability (CNVD-2020-58771)
Nagios XI and Nagios are both products of Nagios, Inc. Nagios XI is an IT infrastructure monitoring solution. The solution supports monitoring and alerting of applications, services, operating systems, etc. Nagios is an open source, free network monitoring tool. A security vulnerability exists in...
USN-4588-1 flightgear vulnerability
It was discovered that FlightGear could write arbitrary files if it received a special Nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code...
File upload vulnerability in TWCMS backend se***_co***.cl***.php file
TWCMS (Tong Wang CMS) is an enterprise website CMS. A file upload vulnerability exists in the seco.cl.php file in the backend of TWCMS. An attacker can exploit the vulnerability to write arbitrary files and gain server privileges...
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Impact: Information Disclosure. When the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or...