7184 matches found

Cvelist
added 2019/12/27 3:27 p.m., 19 views

CVE-2019-16896

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll aka the backup module improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality...

7.7 AI score, 0.00402 EPSS
Exploits: 1, References: 2

CVE
added 2019/12/27 3:27 p.m., 62 views

CVE-2019-16896

CVE-2019-16896 affects K7 Ultimate Security 16.0.0117. The backup module K7BKCExt.dll improperly validates administrative privileges, enabling a local, user‑privilege bypass that allows an arbitrary file write via a symbolic link attack with file restoration functionality. Documented impact acros...

7.8 CVSS, 7.6 AI score, 0.00402 EPSS
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2019/12/22 6:15 p.m., 1 views

UBUNTU-CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

8.8 CVSS, 7.6 AI score, 0.0316 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2019/12/18 12:0 a.m., 45 views

Citrix and NetScaler SD-WAN Center Unauthenticated Directory Traversal File Write

The remote Citrix SD-WAN Center or NetScaler SD-WAN Center is susceptible to directory traversal and file writes in arbitrary locations. This is due to improper sanitization of user-supplied input in the applianceSettingsFileTransfer action of ApplianceSettingsController. An unauthenticated, remo...

10 CVSS, 8.8 AI score, 0.39335 EPSS
Exploits: 1, References: 3

FreeBSD
added 2019/12/18 12:0 a.m., 30 views

NPM -- Multiple vulnerabilities

NPM reports: Global node_modules Binary Overwrite; Symlink reference outside of node_modules; Arbitrary File Write...

8.1 CVSS, 2.2 AI score, 0.03342 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2019/12/17 12:0 a.m., 40 views

Cisco IOS XE Software Arbitrary File Write (cisco-sa-20180328-wfw)

According to its self-reported version, Cisco IOS XE Software is affected by an arbitrary file write vulnerability in the web-based user interface (web UI) due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An authenticated, remote attacker c...

4.9 CVSS, 5.8 AI score, 0.01029 EPSS
Exploits: 0, References: 3

CNVD
added 2019/12/17 12:0 a.m., 1 views

File write vulnerability in Ocean CMS ad***_pi***.php page

Ocean CMS is a web content management system based on PHP+MYSQL architecture that can run across platforms. A file write vulnerability exists in the Ocean CMS adpi.php page. An attacker can exploit this vulnerability to gain control of the web server...

7.1 AI score
Exploits: 0

BDU FSTEC
added 2019/12/17 12:0 a.m., 4 views

The vulnerability of the command-line tools for package managers NPM and Yarn allows a hacker to write arbitrary files.

The vulnerability of the command-line tools for package managers NPM and Yarn exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by creating symbolic links to files outside the module...

7.7 CVSS, 7.3 AI score, 0.03342 EPSS
Exploits: 0, References: 6, Affected Software: 5

exploitpack
added 2019/12/16 12:0 a.m., 54 views

Roxy Fileman 1.4.5 - Directory Traversal

Roxy Fileman 1.4.5 - Directory Traversal Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE:...

5 CVSS, 0.6 AI score, 0.11617 EPSS
Exploits: 5

Exploit DB
added 2019/12/16 12:0 a.m., 123 views

Roxy Fileman 1.4.5 - Directory Traversal

Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and...

7.5 CVSS, 7.8 AI score, 0.11617 EPSS
Exploits: 5

Metasploit
added 2019/12/15 2:40 a.m., 46 views

Bash Profile Persistence

This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...

0.4 AI score
Exploits: 0

0day.today
added 2019/12/14 12:0 a.m., 451 views

Roxy Fileman 1.4.5 For .NET Directory Traversal Vulnerability

Exploit for php platform in category web applications =========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net...

0.2 AI score, 0.11617 EPSS
Exploits: 5

OSV
added 2019/12/13 3:39 p.m., 1 views

GHSA-M6CX-G6QM-P2CX Arbitrary File Write in npm

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on ...

7.7 CVSS, 7.2 AI score, 0.03266 EPSS
Exploits: 0, References: 15

Github Security Blog
added 2019/12/13 3:39 p.m., 93 views

Arbitrary File Write in npm

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on ...

7.7 CVSS, 2.2 AI score, 0.03266 EPSS
Exploits: 0, References: 14, Affected Software: 1

OSV
added 2019/12/13 1:15 a.m., 30 views

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

6.5 CVSS, 6.4 AI score
Exploits: 0, References: 11

OSV
added 2019/12/13 1:15 a.m., 1 views

DEBIAN-CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS, 7.8 AI score, 0.03342 EPSS
Exploits: 0, References: 1

NVD
added 2019/12/13 1:15 a.m., 25 views

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7 CVSS, 7.7 AI score, 0.03266 EPSS
Exploits: 0, References: 11

NVD
added 2019/12/13 1:15 a.m., 20 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS, 7.7 AI score, 0.03342 EPSS
Exploits: 0, References: 10

OSV
added 2019/12/13 1:15 a.m., 1 views

DEBIAN-CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

6.5 CVSS, 7 AI score, 0.03266 EPSS
Exploits: 0, References: 1

OSV
added 2019/12/13 1:15 a.m., 27 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS, 8 AI score
Exploits: 0, References: 10