Foxit Reader and PhantomPDF Arbitrary File Write Vulnerability
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in the communication API of Foxit Reader and Foxit PhantomPDF 9.7.1.29511 and earlier versions for Windows platforms. The vulnerability can be exploited by an attacker to...
Foxit PhantomPDF ConvertToPDF Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication...
Foxit PhantomPDF CombineFiles Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication...
Arbitrary File Write
ecryptfs-utils is vulnerable to arbitrary file write. A race condition flaw in mount.ecryptfs_private could allow a local attacker to overwrite arbitrary files...
Arbitrary File Write
ecryptfs-utils is vulnerable to arbitrary file write. A race condition flaw in the way temporary files were accessed in mount.ecryptfs_private could allow a malicious, local user to make arbitrary modifications to the mtab file...
Arbitrary File Write
perl-archive-tar is vulnerable to arbitrary file write. The vulnerability exists as multiple directory traversal flaws were discovered in the Archive::Tar module. A specially-crafted tar file could cause a Perl script, using the Archive::Tar module to extract the archive, to overwrite an arbitrar...
Arbitrary File Write
java ibm is vulnerable to arbitrary file write. An unspecified vulnerability allows remote attackers to create and modify arbitrary files via unknown vectors involving JNLPAppletLauncher...
CVE-2020-1885
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file...
CVE-2020-1885
CVE-2020-1885 affects Oculus Desktop on Windows prior to 1.44.0.32849. A privileged OVRRedir.exe process can write to an unprivileged destination via a hard link to a log file, enabling local privilege escalation to arbitrary files. The issue is described as local privilege elevation stemming fro...
Arbitrary File Write Vulnerability in LJCMS of Beijing Liangjing Zhicheng Technology Co.
LJCMS is a PHP+MySQL based enterprise website system. LJCMS from Beijing LiangJingZhiCheng Technology Co., Ltd has an arbitrary file write vulnerability: attackers can construct the CMS update address to write malicious files to the target and obtain server privileges...
Arbitrary File Write Vulnerability in Gila CMS
Gila CMS is an open source content management system. Gila CMS suffers from an arbitrary file write vulnerability that can be exploited by an attacker to write malicious code to the server and gain administrative privileges on the server...
CVE-2020-10696
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions...
CVE-2020-6008
LifterLMS WordPress plugin versions below 3.37.15 are vulnerable to arbitrary file write leading to remote code execution...
Remote code execution
LifterLMS WordPress plugin versions below 3.37.15 are vulnerable to arbitrary file write leading to remote code execution...
CVE-2020-6008
CVE-2020-6008 affects the WordPress LifterLMS plugin prior to 3.37.15. The vulnerability is an arbitrary file write that can lead to remote code execution; attackers could write and execute PHP code by manipulating a user’s first name. Public sources (NVD/Nessus-based findings) describe the affec...
CVE-2020-2139
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...
Directory Traversal
Overview: sapper is a framework for building high-performance universal web apps. Affected versions of this package are vulnerable to Directory Traversal when serving /client/... files. PoC by Daniel Thompson: curl...
Multiple vulnerabilities in Shihonkanri Plus GOOUT
Overview: Shihonkanri Plus GOOUT, provided by EKAKIN, is a CGI that enables data stored in Shihonkanri Plus to be viewed externally. Shihonkanri Plus GOOUT contains multiple vulnerabilities, listed below, which allow reading/writing an arbitrary file because of improper validation of an input parameter...