SALTO ProAccess SPACE Arbitrary File Write Vulnerability

Salto Systems ProAccess SPACE is a web-based access control management tool from Salto Systems, Spain. A security vulnerability exists in Salto Systems ProAccess SPACE version 5.4.3.0. An attacker can exploit the vulnerability to write arbitrary files...

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass Vulnerabilities

SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vulnerabilities. ======================================================================= title:...

The vulnerability of the command-line interface (CLI) of the microprogramming software for Cisco TelePresence Collaboration Endpoint devices allows a hacker to write arbitrary files into the root directory.

The vulnerability of the command-line interface CLI of the Cisco TelePresence Collaboration Endpoint CE device’s management software is related to improper handling of permissions. Exploiting this vulnerability could allow an attacker to write arbitrary files into the root directory...

The vulnerability of the Skia library used by browsers such as Firefox ESR, Firefox, and Google Chrome allows a malicious actor to write arbitrary files to the device’s file system.

The vulnerability of the Skia library used by browsers such as Firefox ESR, Firefox, and Google Chrome relates to writing beyond the buffer boundaries of memory. Exploiting this vulnerability allows a malicious actor to write arbitrary files into the device’s file system remotely...

DEBIAN-CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...

Path traversal

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...

Arbitrary File Write in iobroker.js-controller

Versions of iobroker.controller prior to 2.0.25 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended /adapter/ folder, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to perform the...

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SALTO ProAccess SPACE vulnerable version: = v5.6 CVE number: CVE-2019-19457, CVE-2019-19458, CVE-2019-19459, CVE-2019-19460...

Arbitrary File Write

Overview Versions of iobroker.admin prior to 3.6.12 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended folder in the /log/ route, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated t...

RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file...

MGASA-2019-0326 Updated cpio packages fix security vulnerabilities

in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive CVE-2015-1197. Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege...

Design/Logic Flaw

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...

Atlassian Confluence 6.15.1 Directory Traversal

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft...

PT-2019-13937 · Yandex +1 · Clickhouse +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 19.14.3 Description: The issue allows an attacker with write access to ZooKeeper and the ability to run a custom server on the network where ClickHouse runs to create a malicious server acting as a ClickHouse...

Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)

Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link:...

Atlassian Confluence 6.15.1 Directory Traversal

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows 7...

Atlassian Confluence 6.15.1 - Directory Traversal Exploit

Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows ...

Atlassian Confluence 6.15.1 - Directory Traversal Vulnerability

Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on:...