7184 matches found

NVD
added 2020/07/17 6:15 p.m. · 13 views

CVE-2020-5131

SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 9.0.815 and earlier...

7.8 CVSS · 0.00548 EPSS
Exploits: 0 · References: 1
Prion
added 2020/07/17 6:15 p.m. · 13 views

Design/Logic Flaw

SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 9.0.815 and earlier...

4.6 CVSS · 7.8 AI score · 0.00548 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2020/07/17 5:15 p.m. · 41 views

CVE-2020-5131

CVE-2020-5131 affects SonicWall NetExtender Windows client up to version 9.0.815. The vulnerability is an arbitrary file write that enables overwriting a DLL, allowing code execution with the same privileges on the host OS. The CVE is described in multiple sources (e.g., Red Hat advisory and CNVD...

7.8 CVSS · 7.7 AI score · 0.00548 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2020/07/17 5:15 p.m. · 13 views

CVE-2020-5131

SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 9.0.815 and earlier...

7.8 AI score · 0.00548 EPSS
Exploits: 0 · References: 1
OSV
added 2020/07/17 12:15 a.m. · 3 views

CVE-2020-9682

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to arbitrary file system write...

9.8 CVSS · 5.9 AI score · 0.04306 EPSS
Exploits: 0 · References: 1
SonicWall
added 2020/07/16 9:1 a.m. · 8 views

SonicWall NetExtender arbitrary file write vulnerability

SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. CVE: CVE-2020-5131 Last updated: July 16, 2020, 9:01 a.m...

7.1 CVSS · 7.3 AI score · 0.00548 EPSS
Exploits: 0
CNVD
added 2020/07/15 12:0 a.m. · 2 views

Adobe Creative Cloud Desktop Application Backlink Vulnerability (NVD-C-2020-154995)

Adobe Creative Cloud Desktop Application is a suite of applications for managing applications and services in the Creative Cloud Membership Management Center from Adobe USA. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...

10 CVSS · 6.9 AI score · 0.04306 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2020/07/15 12:0 a.m. · 4 views

The vulnerability of the EPUB Sigil software for editing e-books lies in the incorrect path limitation for accessing the restricted catalog. This allows attackers to write arbitrary files into any directory they choose.

The vulnerability of EPUB format electronic book editing software like Sigil exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to any directory...

7.8 CVSS · 7.3 AI score · 0.03694 EPSS
Exploits: 0 · References: 10 · Affected Software: 3
CNVD
added 2020/07/08 12:0 a.m. · 2 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-38175)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to write arbitrary files in the SD card area...

5.5 CVSS · 6.8 AI score · 0.00131 EPSS
Exploits: 0 · References: 1
CVE
added 2020/07/07 1:33 p.m. · 41 views

CVE-2020-15577

Samsung mobile devices running P (9.0) and Q (10.0) software are affected by CVE-2020-15577 via the Cameralyzer component, which can write files to the SD card. Root cause: Cameralyzer ability to write to external storage leads to unauthorized file writes. Impact: potential modification or insert...

5.5 CVSS · 5.7 AI score · 0.00131 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2020/07/01 2:43 p.m. · 50 views

CVE-2020-5907

CVE-2020-5907 affects F5 BIG-IP TMOS Shell (tmsh). Authorized tmsh-only users may read/write arbitrary files via the built-in SFTP, enabling privilege escalation to root. Affected versions include BIG-IP 11.x (11.6.1–11.6.5.1), 12.x (12.1.0–12.1.5.1), 13.x (13.1.0–13.1.3.3), 14.x (14.1.0–14.1.2.3...

7.2 CVSS · 7.1 AI score · 0.01431 EPSS
Exploits: 0 · References: 2 · Affected Software: 11
Veracode
added 2020/06/25 3:10 a.m. · 25 views

Arbitrary File Write

github.com/sassoftware/go-rpmutils is vulnerable to arbitrary file write. The vulnerability exists as the extract function in cpio/extracttest.go does not restrict the filepath path to the dest, allowing extraction outside the permitted cpio path...

7.5 CVSS · 3.4 AI score · 0.01602 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2020/06/25 12:0 a.m. · 5 views

PT-2020-14546 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...

10 CVSS · 9.7 AI score · 0.08335 EPSS
Exploits: 0 · References: 2
Veracode
added 2020/06/24 3:53 a.m. · 13 views

Directory Traversal

github.com/unknwon/cae is vulnerable to directory traversal. The vulnerability exists as the ExtractTo function does not sanitize file paths in zip archives, allowing ../ in file path to be resolved outside the intended extraction folder and potentially allowing arbitrary file write...

7.5 CVSS · 5 AI score · 0.01332 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Veracode
added 2020/06/23 11:1 p.m. · 21 views

Arbitrary File Write

github.com/unknwon/cae/zip is vulnerable to arbitrary file write Zip-slip vulnerability. Lack of sanitization of zip archives file path destPath in the function ExtractToFunc for file names with leading or non-leading ".." allows malicious user to perform rewriting of files system-wide...

7.5 CVSS · 2.2 AI score · 0.01419 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2020/06/23 7:38 p.m. · 4 views

CVE-2020-7664

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5 CVSS · 7.1 AI score
Exploits: 0 · References: 1
Snyk
added 2020/06/20 12:38 p.m. · 2 views

Directory Traversal

Overview fast-http is a library that allows you to create a tiny web server. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in the path provided at fs.readFile in index.js. PoC by JHU System Security Lab 1. Start the server var Server =...

7.5 CVSS · 7.5 AI score · 0.01761 EPSS
Exploits: 1 · References: 2
RedHat Linux
added 2020/06/19 3:46 a.m. · 5 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 7.5 AI score · 0.03342 EPSS
Exploits: 0 · References: 4
Cvelist
added 2020/06/17 4:0 p.m. · 28 views

CVE-2020-7668 Arbitrary File Write via Archive Extraction (Zip Slip)

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5 CVSS · 7.5 AI score · 0.01332 EPSS
Exploits: 1 · References: 1
Cvelist
added 2020/06/17 4:0 p.m. · 22 views

CVE-2020-7664 Arbitrary File Write via Archive Extraction (Zip Slip)

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5 CVSS · 7.5 AI score · 0.01419 EPSS
Exploits: 1 · References: 1