7182 matches found
CVE-2018-5795
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Arbitrary File Write from the WebGUI on the WiNG Access Point / Controller...
Code execution vulnerability in ykcms
YKCMS is a novel-centred system that draws on the various novel programs already on the market and combines collection, thief, storage and other features into a semi-collection-mode novel system. ykcms v4.0.40 has a code execution vulnerability, in the change o...
Extreme Networks ExtremeWireless WiNG Arbitrary File Write Vulnerability
Extreme Networks ExtremeWireless WiNG is a wireless access solution from Extreme Networks. WiNG Access Point AP is one of the wireless access points. Controller is the wireless controller. Web User Interface is one of the web management interfaces. The WiNG Access Point AP is a wireless access point...
Argument injection in the download commit resource through the at parameter - CVE-2017-18087
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...
Haystack Arq for Mac Elevation of Privilege Vulnerability
Haystack Arq for Mac is Mac-based file backup software from Haystack Software, USA. arqupdater and others are among its components. A security vulnerability exists in the standardrestorer binary in Haystack Arq 5.10 and earlier on the Mac platform. A local attacker can...
CVE-2017-16945
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path...
CVE-2017-16928
The arqupdater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip...
CVE-2017-16601
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
Debian DLA-1243-1 : xbmc security update
The Check Point Research Team discovered that the XBMC media center allows arbitrary file write when a malicious subtitle file is downloaded in zip format. This update requires the new dependency libboost-regex1.49. For Debian 7 'Wheezy', these problems have been fixed in version...
UBUNTU-CVE-2014-9485
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive...
Synology Photo Station 6.8.2-3461 Remote Code Execution
#!/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested: 6.8.2-3461 latest at the time Vendor Advisory: https://www.synology.com/en-global/support/security/SynologySA1802...
Synology Photo Station 6.8.2-3461 - SYNOPHOTO_Flickr_MultiUpload Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits #!/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested: 6.8.2-3461 latest at the time Vendor Advisory:...
PT-2018-4304 · Minizip · Minigzip
Name of the Vulnerable Software and Affected Versions: minizip versions prior to 1.1-5
Description: The issue is related to a directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip. This vulnerability might allow remote attackers to write to arbitrary...
TransmissionRPC DNS Rebinding Vulnerability
Transmission is a free BitTorrent client developed by the Transmission project team for the Linux and Mac OS X platforms; it supports data encryption, corruption repair and seeding. A security vulnerability exists in Transmission 2.92 and earlier versions. A remote attacker can execu...
DEBIAN-CVE-2018-5702
Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...
Synology Photo Station 6.8.2-3461 - SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution
Synology Photo Station 6.8.2-3461 - SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution #!/usr/local/bin/python """ Synology Photo Station = 6.8.2-3461 latest SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability Found by: mrme Tested:...
UBUNTU-CVE-2018-5702
Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...