7184 matches found

CNVD
added 2020/05/15 12:0 a.m. | 3 views

Opto 22 SoftPAC Project Data Forgery Issue Vulnerability

Opto 22 SoftPAC Project is an automation software suite from Opto 22 USA. The product is capable of providing industrial automation, process control, building automation, remote monitoring, data acquisition and industrial IoT. A data forgery issue vulnerability exists in Opto 22 SoftPAC Project...

CVSS 5.7 | AI score 7.3 | EPSS 0.00465
Exploits 0 | References 1
BDU FSTEC
added 2020/05/15 12:0 a.m. | 2 views

The vulnerability in the Atlassian Confluence Server web server exists due to improper limitation of a pathname to a restricted directory. This allows an attacker to write files to arbitrary locations and execute arbitrary code.

The vulnerability of the Atlassian Confluence Server web server exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to write files to arbitrary locations and execute arbitrary code...

CVSS 9 | AI score 7.9 | EPSS 0.97153
Exploits 10 | References 6 | Affected Software 1
OSV
added 2020/05/14 9:15 p.m. | 1 view

CVE-2020-12042

Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access...

CVSS 6.5 | AI score 6.7 | EPSS 0.0051
Exploits 0 | References 1
NVD
added 2020/05/14 9:15 p.m. | 10 views

CVE-2020-12042

Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access...

CVSS 6.5 | AI score 7.3 | EPSS 0.0051
Exploits 0 | References 1
RedhatCVE
added 2020/05/14 10:37 a.m. | 22 views

CVE-2020-8159

There is a vulnerability in actionpack-page_caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

CVSS 9.8 | AI score 5.4 | EPSS 0.0525
Exploits 0 | References 1
Tenable Nessus
added 2020/05/14 12:0 a.m. | 21 views

LifterLMS Plugin for WordPress < 3.37.15 Arbitrary File Write

The WordPress LifterLMS Plugin installed on the remote host is affected by an arbitrary file write vulnerability that can allow the attackers to write and execute arbitrary PHP code on the server by changing their first name on their profile to PHP code. Note that the scanner has not tested for...

CVSS 9.8 | AI score 8.2 | EPSS 0.03776
Exploits 0 | References 3
OSV
added 2020/05/13 4:28 p.m. | 17 views

GHSA-MG5P-95M9-RMFP Arbitrary file write in actionpack-page_caching gem

There is a vulnerability in actionpack-page_caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

CVSS 9.8 | AI score 9.5 | EPSS 0.0525
Exploits 0 | References 4
Github Security Blog
added 2020/05/13 4:28 p.m. | 55 views

Arbitrary file write in actionpack-page_caching gem

There is a vulnerability in actionpack-page_caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

CVSS 9.8 | AI score 5.3 | EPSS 0.0525
Exploits 0 | References 5 | Affected Software 1
Snyk
added 2020/05/13 9:33 a.m. | 1 view

Directory Traversal

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVSS 8.6 | AI score 7.7 | EPSS 0.03593
Exploits 0 | References 2
Debian CVE
added 2020/05/12 1:1 p.m. | 20 views

CVE-2020-8159

There is a vulnerability in actionpack-page_caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

CVSS 9.8 | AI score 9.7 | EPSS 0.0525
Exploits 0
GithubExploit
added 2020/05/09 11:22 a.m. | 184 views

Exploit for CVE-2020-11651

CVE-2020-11651 PoC for CVE-2020-11651 Requires Python3 tested...

CVSS 9.8 | AI score 9.2 | EPSS 0.96405
Exploits 23
OSV
added 2020/05/08 9:15 p.m. | 2 views

CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

CVSS 8.8 | AI score 7.5 | EPSS 0.13655
Exploits 3 | References 3
OSV
added 2020/05/07 2:15 p.m. | 3 views

CVE-2020-8983

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or...

CVSS 7.5 | AI score 7.7 | EPSS 0.04506
Exploits 0 | References 3
NVD
added 2020/05/07 2:15 p.m. | 18 views

CVE-2020-8983

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or...

CVSS 7.5 | AI score 7.8 | EPSS 0.04506
Exploits 0 | References 3
Prion
added 2020/05/07 2:15 p.m. | 25 views

Remote code execution

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or...

CVSS 5 | AI score 7.8 | EPSS 0.27149
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2020/05/06 6:4 p.m. | 2 views

Arbitrary File Write

Overview: actionpack-page_caching is a static page caching library for Action Pack. Affected versions of this package are vulnerable to Arbitrary File Write. It is possible for an attacker to write unescaped ERB to a view, and therefore write arbitrary files to a web server, potentially resulting i...

CVSS 9.8 | AI score 7.7 | EPSS 0.0525
Exploits 0 | References 2
OSV
added 2020/05/06 5:15 p.m. | 3 views

CVE-2020-3307

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

CVSS 5.3 | AI score 6.2 | EPSS 0.00968
Exploits 0 | References 1
Cvelist
added 2020/05/06 4:42 p.m. | 25 views

CVE-2020-3307 Cisco Firepower Management Center Arbitrary Log File Write Vulnerability

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

CVSS 5.3 | AI score 5.4 | EPSS 0.00968
Exploits 0 | References 1
Vulnrichment
added 2020/05/06 4:42 p.m. | 10 views

CVE-2020-3307 Cisco Firepower Management Center Arbitrary Log File Write Vulnerability

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

CVSS 5.3 | AI score 6.9 | EPSS 0.00968
Exploits 0 | References 1
RubySec
added 2020/05/06 12:0 a.m. | 17 views

Arbitrary file write/potential remote code execution in actionpack-page_caching

There is a vulnerability in the actionpack-page_caching gem that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. Versions Affected: All versions of actionpack-page_caching part of Rails...

CVSS 9.8 | AI score 7.4 | EPSS 0.0525
Exploits 0 | References 1 | Affected Software 1