7182 matches found
Munin: Arbitrary file write
Background Munin is an open source server monitoring tool. Description When Munin is compiled with CGI graphics enabled then the files accessible to the www-data user can be overwritten. Impact A local attacker, by setting multiple upperlimit GET parameters, could overwrite files accessible to th...
IBM Open Admin Tool SOAP welcomeServer PHP Command Injection
Added: 09/27/2017 CVE: CVE-2017-1092 BID: 98615 Background IBM Informix Dynamic Server IDS is an online transaction processing OLTP data server for enterprise and workgroup computing. Open Admin Tool OAT is an open source, platform-independent tool providing a graphical interface for administrati...
sam2p file write vulnerability
sam2p is a UNIX command line utility program written in C++ that converts images to PDF and other formats. A file write vulnerability exists in sam2p version 0.49.3. An attacker can exploit this vulnerability to write to an illegal address...
Cloudview NMS 2.00b Writable Directory Traversal Execution
require 'msf/core' class MetasploitModule "Cloudview NMS 2.00b Writable Directory Traversal Execution", 'Description' = %q This module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary...
Mako Server SSRF / Disclosure / Code Execution
SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt + ISR: ApparitionSec...
CVE-2015-4523
The CVE-2015-4523 issue affects the Blue Coat Malware Analysis Appliance (MAA) and Malware Analyzer G2. A vulnerability allows a VM-escaped sample to bypass VM protections and write to the host file system, potentially overwriting files and causing a reboot or factory reset; in some cases it coul...
Arbitrary File Write Vulnerability in KODExplorer v4.06 Frontend
KodExplorer Kodo Cloud formerly Mango Cloud is a private cloud and online file management system based on Web technology developed by Shanghai Daimu Networks Co., Ltd. and is committed to providing users with secure and controllable, reliable and easy-to-use, highly scalable private cloud...
Devscripts Arbitrary File Write Vulnerability
Debian is a free operating system developed and maintained by the Debian Project. devscripts is a collection of system maintenance scripts. A security vulnerability exists in versions of devscripts prior to 2.15.7. The vulnerability can be exploited by remote attackers to overwrite arbitrary file...
DEBIAN-CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename...
CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename...
Arbitrary file write vulnerability in MetInfo version 5.3.18 physical.php
MetInfo is a Content Management System CMS developed using PHP and Mysql. An arbitrary file write vulnerability exists in MetInfo version 5.3.18 in physical.php. An attacker can exploit the CSRF vulnerability to remotely write arbitrary content and gain server privileges...
Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially...
PHPCMS V9.6.3 CSRF Vulnerability and Arbitrary File Write Vulnerability in the Backend
PHPCMS is a web content management system based on PHP and Mysql architecture. PHPcms V9.6.3 version of the backend exists CSRF vulnerability and arbitrary file write vulnerability. Attackers can use this vulnerability to remotely write Trojan horse files to obtain web server administrative...
Aruba Networks ClearPass Policy Manager Arbitrary File Write Vulnerability
Aruba Networks ClearPass Policy Manager CPPM is a BYOD Bring Your Own Device network access control policy enforcement platform from Aruba Networks. A security vulnerability exists in Aruba Networks CPPM versions prior to 6.4.7 and 6.5.x versions prior to 6.5.2. A remote attacker could exploit th...
CVE-2015-3653
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking...
XYHCMS \App\Runtime\Data\config\site.php page has an arbitrary file write vulnerability
Xing Yunhai CMS XYHcms is a completely open source CMS content management system. XYHCMS \App\Runtime\Data\config\site.php page has an arbitrary file write vulnerability. Attackers use this vulnerability to obtain server privileges by writing Webshell...
CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. dot dot in a diff file name...
CVE-2015-5700
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack...
CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. dot dot in a diff file name...
Foxit Reader PDF Arbitrary File Write Remote Code Execution (CVE-2017-10952)
A remote code execution vulnerability has been reported in Foxit Reader. The vulnerability is due improper data validation which could lead to writing files. A remote attacker could exploit this vulnerability by enticing a user to click a maliciously crafted file. Successful exploitation could le...