
7184 matches found

Prion
added 2020/08/24 7:15 p.m., 16 views

Path traversal

The Metasploit Framework module "auxiliary/admin/http/telpho10credentialdump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

CVSS 5 | AI score 7.6 | EPSS 0.01072
Exploits 1 | References 1 | Affected Software 1
OSV
added 2020/08/24 3:15 p.m., 2 views

CVE-2020-19891

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...

CVSS 7.2 | AI score 7.1 | EPSS 0.0141
Exploits 1 | References 1
NVD
added 2020/08/24 3:15 p.m., 6 views

CVE-2020-19891

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...

CVSS 7.2 | AI score 6.8 | EPSS 0.0141
Exploits 1 | References 1
Prion
added 2020/08/24 3:15 p.m., 11 views

Design/Logic Flaw

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...

CVSS 6.5 | AI score 6.8 | EPSS 0.0141
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2020/08/24 2:45 p.m., 11 views

CVE-2020-19891

DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...

AI score 6.8 | EPSS 0.0141
Exploits 1 | References 1
CVE
added 2020/08/24 2:45 p.m., 39 views

CVE-2020-19891

CVE-2020-19891 affects DBHcms v1.2.0. A vulnerability in file dbhcms/mod/mod.editor.php allows arbitrary file write via POSTed updatefile (filename) and tinymce_content (file content) because there is no security filtering. A remote authenticated admin user can exploit this to obtain a webshell. ...

CVSS 7.2 | AI score 6.7 | EPSS 0.0141
Exploits 1 | References 1 | Affected Software 1
PyPA
added 2020/08/14 5:15 p.m., 4 views

PYSEC-2020-70

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

CVSS 4.1 | AI score 6.8 | EPSS 0.00944
Exploits 0 | References 4 | Affected Software 1
Zero Day Initiative
added 2020/08/11 12:0 a.m., 32 views

Canonical Ubuntu Virtualization Library Arbitrary File Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to write arbitrary files on affected installations of Libvirt. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the libvirt service. The...

CVSS 7.8 | AI score 5.6 | EPSS 0.00383
Exploits 0 | References 1
OSV
added 2020/08/05 2:15 p.m., 0 views

CVE-2020-5609

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 includes CENTUM CS 3000 Small R3.08.10 to R3.09.50, CENTUM VP includes CENTUM VP Small, Basic R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to crea...

CVSS 9.8 | AI score 5.9
Exploits 0 | References 2
CNVD
added 2020/07/31 12:0 a.m., 4 views

Sick Package Analytics Input Validation Error Vulnerability

Sick Package Analytics is a system performance monitoring software for automatic identification systems from Sick. An input validation error vulnerability exists in SICK Package Analytics V04.0.0 and prior versions. The vulnerability arises from a networked system or product that does not properl...

CVSS 9.8 | AI score 6.8 | EPSS 0.01261
Exploits 0 | References 1
CNVD
added 2020/07/30 12:0 a.m., 2 views

Cisco Data Center Network Manager Input Validation Error Vulnerability

Cisco Data Center Network Manager DCNM is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. An input validation error vulnerability exists in the archive utility in Cisco DCN...

CVSS 9 | AI score 7 | EPSS 0.07038
Exploits 0 | References 1
NVD
added 2020/07/29 2:15 p.m., 12 views

CVE-2020-2076

SICK Package Analytics software up to and including version V04.0.0 is vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write fil...

CVSS 9.8 | AI score 9.6 | EPSS 0.01261
Exploits 0 | References 1
Prion
added 2020/07/29 2:15 p.m., 12 views

Authentication flaw

SICK Package Analytics software up to and including version V04.0.0 is vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write fil...

CVSS 7.5 | AI score 9.5 | EPSS 0.01261
Exploits 0 | References 1 | Affected Software 1
CVE
added 2020/07/29 1:18 p.m., 42 views

CVE-2020-2076

CVE-2020-2076 affects SICK Package Analytics software up to and including version V04.0.0. The issue is an authentication bypass caused by direct REST API access, enabling an attacker to issue unauthorized requests and potentially write files without authentication. Public sources in the connecte...

CVSS 9.8 | AI score 9.5 | EPSS 0.01261
Exploits 0 | References 1 | Affected Software 1
OSV
added 2020/07/29 1:15 p.m., 2 views

CVE-2020-14493

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands...

CVSS 8.8 | AI score 6 | EPSS 0.01684
Exploits 0 | References 1
NVD
added 2020/07/29 1:15 p.m., 12 views

CVE-2020-14493

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands...

CVSS 8.8 | AI score 9 | EPSS 0.01684
Exploits 0 | References 1
CVE
added 2020/07/29 12:27 p.m., 47 views

CVE-2020-14493

CVE-2020-14493 affects OpenClinic GA versions 5.09.02 and 5.89.05b. A low-privilege user can craft SQL that writes arbitrary files on the server, potentially enabling execution of arbitrary commands. The ICS advisory indicates remote exploitation with high risk and public exploits available, and ...

CVSS 8.8 | AI score 9 | EPSS 0.01684
Exploits 0 | References 1 | Affected Software 1
OSV
added 2020/07/28 5:15 p.m., 3 views

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

CVSS 9.8 | AI score 7.6 | EPSS 0.08335
Exploits 0 | References 1
Cvelist
added 2020/07/17 10:50 p.m., 23 views

CVE-2020-9252

HUAWEI Mate 20 versions earlier than 10.1.0.160C00E160R3P8, HUAWEI Mate 20 X versions earlier than 10.1.0.135C00E135R2P8, HUAWEI Mate 20 RS versions earlier than 10.1.0.160C786E160R3P8, and Honor Magic2 smartphones versions earlier than 10.1.0.160C00E160R2P11 have a path traversal vulnerability...

AI score 3.7 | EPSS 0.00226
Exploits 0 | References 1
OSV
added 2020/07/17 6:15 p.m., 1 views

CVE-2020-5131

The SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 9.0.815 and earlier...

CVSS 7.8 | AI score 6
Exploits 0 | References 1