Arbitrary File Write
ibacm is vulnerable to arbitrary file write. It was found that the ibacm daemon created some files with world-writable permissions. A local attacker could use this flaw to overwrite the contents of the ibacm.log or ibacm.port file, allowing them to mask certain actions from the log or cause ibacm...
Arbitrary File Write
hplip is vulnerable to arbitrary file write. A local attacker could use these flaws to perform a symbolic link attack, overwriting arbitrary files accessible to a process using HPLIP...
Apache Archiva 2.2.3 Cross Site Scripting / File Write / Delete Vulnerabilities
Exploit for multiple platforms in category web applications. CVE-2019-0213: Apache Archiva Stored XSS. Severity: Low. Vendor: The Apache Software Foundation. Versions Affected: Apache Archiva 2.0.0 - 2.2.3. The unsupported versions 1.x are also affected. It may be possible to store malicious XSS code...
CVE-2019-0214
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file...
CVE-2019-0214
Apache Archiva 2.0.0–2.2.3 is affected by CVE-2019-0214, where the artifact upload mechanism allows writing files to arbitrary locations and can overwrite existing files if the Archiva process user has filesystem permissions. Root cause described is improper handling of uploaded artifact file pat...
Apache Archiva Input Validation Error Vulnerability (CNVD-2019-26509)
Apache Archiva is a software suite from the US-based Apache Software Foundation for managing one or more remote repositories. The software provides features such as remote repository agents, role-based secure access management, and usage reporting. An input validation error vulnerability in Apache...
CVE-2019-9951
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page...
Arbitrary File Write
mercurial is vulnerable to arbitrary file write attacks. The vulnerability is possible by using symlinks and subrepositories to bypass the validation of path checking, allowing the writing of files outside of the repository...
CVE-2018-4006
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker wou...
Shimo VPN helper tool writeConfig privilege escalation vulnerability
Summary: An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An...
A vulnerability in the web interface of the firmware for Cisco IP Phone 8800 Series devices allows an attacker to write arbitrary files to the device’s file system.
The vulnerability of the web interface of Cisco IP phones—IP Phone 8800, IP Conference Phone 8832, IP Phone 8821, and IP Phone 8821-EX—is related to deficiencies in path name checking for access-controlled directories. Exploiting this vulnerability allows a malicious actor to write arbitrary file...
UBUNTU-CVE-2019-1002101
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...
SUSE-SU-2019:0805-1 Recommended update for adcli, sssd
This update for adcli and sssd provides the following improvement. Security vulnerability fixed: CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759). Other fixes: Add an option to disable checking for trusted domains in the subdomains provider (bsc#1125617) -...
CVE-2019-1765
CVE-2019-1765 affects Cisco IP Phone 8800 Series SIP Software. The web-based management interface vulnerability arises from insufficient input validation and file-level permissions, allowing an authenticated, remote attacker to upload invalid files and write files to arbitrary locations on the de...
OFCMS Backend Arbitrary File Write Vulnerability
OFCMS is a content management system based on Java technology. OFCMS version before 1.1.3 has a backend arbitrary file write vulnerability. An attacker can exploit this vulnerability by traversing the admin/cms/template/getTemplates.html?respath=res directory to write arbitrary content in the...
CVE-2019-9611
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...
Directory traversal
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...
Apache Storm < 1.1.3 / 1.2.x < 1.2.2 arbitrary file write vulnerability
The version of Apache Storm running on the remote host is prior to 1.1.3 or 1.2.x prior to 1.2.2. It is, therefore, affected by an arbitrary file write vulnerability. (C) Tenable Network Security, Inc. `include("compat.inc"); if (description) { script_id(122487); script_version("1.3"); script_cvs_date("Date:...`