7182 matches found

OSV
added 2018/01/15 12:0 a.m. · 1 view

UBUNTU-CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8 CVSS · 7.4 AI score · 0.12146 EPSS
Exploits: 1 · References: 7

OpenVAS
added 2018/01/15 12:0 a.m. · 28 views

Debian: Security Advisory (DLA-1243-1)

The remote host is missing an update for the Debian...

5.5 CVSS · 5.5 AI score · 0.02474 EPSS
Exploits: 0 · References: 3

NVD
added 2018/01/10 6:29 p.m. · 10 views

CVE-2014-4994

lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames...

5.5 CVSS · 5.5 AI score · 0.00486 EPSS
Exploits: 1 · References: 3

OSV
added 2018/01/08 7:29 p.m. · 8 views

CVE-2014-1859

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file...

5.5 CVSS · 5.3 AI score
Exploits: 0 · References: 10

OSV
added 2018/01/08 7:29 p.m. · 0 views

UBUNTU-CVE-2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...

5.5 CVSS · 6.5 AI score · 0.00455 EPSS
Exploits: 0 · References: 2

NVD
added 2018/01/08 7:29 p.m. · 29 views

CVE-2014-1858

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file...

5.5 CVSS · 5.6 AI score · 0.00455 EPSS
Exploits: 0 · References: 10

CNVD
added 2018/01/04 12:0 a.m. · 2 views

POCO 'ZipCommon::isValidPath()' function absolute path traversal vulnerability

POCO C++ Libraries is a set of C++ class libraries developed by Austrian software developer Gunter Obiltschnig, which are used to develop portable web-based applications with threading, file and streaming capabilities. A security vulnerability in the 'ZipCommon::isValidPath' function in the...

6.5 CVSS · 8.7 AI score · 0.01681 EPSS
Exploits: 1 · References: 1

CNVD
added 2017/12/23 12:0 a.m. · 3 views

SEMCMS_ASP_ v4.5 has CSRF and Arbitrary File Write Vulnerabilities

SemCMS is an open source website management system for foreign trade enterprises, written in VBScript and running on IIS. It is well suited to foreign trade enterprises and e-commerce use. SEMCMS_ASP_ v4.5 has CSRF and arbitrary file write vulnerabilities. Attackers can...

7.1 AI score
Exploits: 0

CNVD
added 2017/12/18 12:0 a.m. · 3 views

Synology DiskStation Manager Directory Traversal Vulnerability

Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology. The operating system manages information such as data, files, photos, music and more. A directory traversal vulnerability exists in SYNO.FileStation.Extract in Synology DSM versions 6.0.x...

6.5 CVSS · 7 AI score · 0.01974 EPSS
Exploits: 0 · References: 1

CNVD
added 2017/12/18 12:0 a.m. · 2 views

Synology File Station Directory Traversal Vulnerability

Synology File Station is a set of file management tools from Synology. The tool enables users to access files on Synology NAS devices via the Web. A directory traversal vulnerability exists in SYNO.FileStation.Extract in Synology File Station versions prior to 1.1.1-0099. A remote attacker can...

6.5 CVSS · 7 AI score · 0.01836 EPSS
Exploits: 0 · References: 1

Check Point Advisories
added 2017/12/18 12:0 a.m. · 2 views

Foxit PDF Reader Javascript File Write Remote Code Execution

A File Write Remote Code Execution vulnerability exists in the Foxit Reader. This vulnerability exists because the createDataObject JavaScript API function allows writing arbitrary files to the file system. A remote attacker could exploit this vulnerability by enticing a victim user to open a...

2.9 AI score
Exploits: 0

OSV
added 2017/12/12 6:29 p.m. · 2 views

CVE-2017-17560

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multiuploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file...

9.8 CVSS · 6.3 AI score · 0.73404 EPSS
Exploits: 6 · References: 3

seebug.org
added 2017/12/12 12:0 a.m. · 62 views

Pomelo Admin Console Web Arbitrary File Write Vulnerability

...

1.4 AI score
Exploits: 0

CNVD
added 2017/12/12 12:0 a.m. · 1 view

Mobotap Dolphin Browser for Android Arbitrary File Write Vulnerability

Mobotap Dolphin Browser for Android is a web browser for the Android platform from MoboTap. An arbitrary file write vulnerability exists in version 12.0.2 of Mobotap Dolphin Browser for Android. An attacker can exploit this vulnerability to overwrite executable files in the Dolphin Browser data...

8.8 CVSS · 7.2 AI score · 0.00956 EPSS
Exploits: 0 · References: 1

OSV
added 2017/12/11 6:29 p.m. · 3 views

CVE-2017-17551

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

8.8 CVSS · 5.9 AI score · 0.00956 EPSS
Exploits: 0 · References: 1

Prion
added 2017/12/11 6:29 p.m. · 12 views

Design/Logic Flaw

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

6.8 CVSS · 8.2 AI score · 0.00956 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2017/12/11 6:29 p.m. · 9 views

CVE-2017-17551

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

8.8 CVSS · 8.3 AI score · 0.00956 EPSS
Exploits: 0 · References: 1

Cvelist
added 2017/12/11 6:0 p.m. · 14 views

CVE-2017-17551

The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a...

8.4 AI score · 0.00956 EPSS
Exploits: 0 · References: 1

CVE
added 2017/12/11 6:0 p.m. · 42 views

CVE-2017-17551

Summary (CVE-2017-17551): Affected product is Mobotap Dolphin Browser for Android (version 12.0.2). The flaw is an arbitrary file-write vulnerability during restoration of browser settings from a malicious Dolphin Browser backup file. An attacker could overwrite a specific executable in the brow...

8.8 CVSS · 8.2 AI score · 0.00956 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2017/12/08 12:0 a.m. · 3 views

PT-2017-14272 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions 6.0.x before 6.0.3-8754-3; Synology DiskStation Manager (DSM) versions 5.2-5967-6 and earlier. Description: A directory traversal issue in the SYNO.FileStation.Extract component allows remote authenticate...

6.5 CVSS · 7.1 AI score · 0.01974 EPSS
Exploits: 0 · References: 4