7184 matches found
Atlassian Confluence 6.15.1 - Directory Traversal
Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows 7...
Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write (cisco-sa-20191016-tele-ce-filewrite)
According to its self-reported version, the Cisco TelePresence Collaboration Endpoint CE Cisco TelePresence Software is affected by a vulnerability due to improper permission assignment. An authenticated, local attacker can exploit this by logging in as the remotesupport user to write files to th...
kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...
LAquis SCADA LGX Report Arbitrary File Write (CVE-2018-18988)
An arbitrary file write vulnerability exists in LAquis SCADA LGX report. Successful exploitation of this vulnerability could result in arbitrary file write and possible arbitrary code execution...
DEBIAN-CVE-2010-0398
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack...
CVE-2010-0398
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack...
kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...
CVE-2010-2064
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on 1 /tmp/portmap.xdr and 2 /tmp/rpcbind.xdr...
CVE-2010-2064
CVE-2010-2064 affects rpcbind 0.2.0; local attackers can write to arbitrary files or gain privileges via a symlink attack on /tmp/portmap.xdr and /tmp/rpcbind.xdr. Root cause: incorrect handling of symbolic links in temporary files leads to privilege/escalation risk. Exploitation details are not ...
The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper makes it possible for a attacker to write arbitrary files to the operating system of the vulnerable device.
The vulnerability of the centralized service for supporting information about configuration, naming, distributed synchronization, and providing group services in Apache ZooKeeper exists due to the lack of authentication when joining a quorum. Exploiting this vulnerability allows an attacker to...
The numerous vulnerabilities in the API interface of the WADashboard component of the Advantech WebAccess software allow a perpetrator to write or overwrite any files in the file system.
The multiple vulnerabilities of the API interface of the WADashboard component in the Advantech WebAccess remote monitoring software are related to deficiencies in path validation before its use in file operations. Exploiting these vulnerabilities could allow a malicious actor to read arbitrary...
Samba CVE-2019-10218 Path Traversal Arbitrary File Write Vulnerability
Description Samba is prone to an arbitrary file write vulnerability. Successful exploits may allow an attacker to write arbitrary files to the affected system. This may aid in further attacks. Technologies Affected Samba Samba 3.4.0 Samba Samba 3.4.1 Samba Samba 3.4.10 Samba Samba 3.4.11 Samba...
UBUNTU-CVE-2019-11482
Sander Bos discovered a time of check to time of use TOCTTOU vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories...
Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability
Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint CE versions prior to 9.8.1 due to an improperly assigned privilege. The vulnerability can be exploited by an attacker to write to files in the /root directory by loggi...
Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability (CNVD-2019-37414)
Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint CE versions prior to 9.8.1 due to an improperly implemented privilege. An attacker can exploit the vulnerability to overwrite arbitrary files by logging in and...
Red Hat XML Language Support XML Language Server Path Traversal Vulnerability
Red Hat XML Language Support vscode-xml is the United States Red Hat Red Hat a support for the creation and editing of XML documents Visual Studio Code extensions. XML Language Server is used in one of the XML language server. A path traversal vulnerability exists in the XMLLanguageService.java...
CVE-2019-15962 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
CVE-2019-15962 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
CVE-2019-4031
IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997...