EMC Unisphere for VMAX vApp Manager Arbitrary File Write Vulnerability
EMC Unisphere for VMAX is a set of management interfaces for the VMAX storage family from EMC Corporation USA. An arbitrary file write vulnerability exists in the HTTP servlet in vApp Manager in EMC Unisphere for VMAX versions prior to 8.2.0, which can be exploited by a remote attacker to write...
CVE-2016-0889
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
cronic Arbitrary File Write Vulnerability
cronic is a shell script maintained by software developer Daniel Lange for wrapping cron jobs to prevent redundant email delivery. An arbitrary file write vulnerability exists in cronic, which can be exploited by an attacker by creating a symbolic link /tmp/cronic.out.PID -> /etc/fstab to write...
CVE-2015-5313
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storagebackendfs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storagevol:create ACL but not domain:write permission to write to arbitrary files via ...
CVE-2016-0784
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry...
Arbitrary File Write
Overview: Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can write to any file that the user who owns the cli process has permission to write to. Proof of...
Apache OpenMeetings OpenMeetings Administration Menu Directory Traversal Vulnerability
Apache OpenMeetings is a multi-language, customizable video conferencing and collaboration system developed by the Apache Software Foundation in the United States. It supports audio and video and allows users to view each participant's desktop, among other features. A directory traversal vulnerability...
MGASA-2016-0104 Updated pigz packages fix security vulnerability
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a full pathname or .. (dot dot) in an archive (CVE-2015-1191)...
CactiEZ plugin weathermap arbitrary file write vulnerability
Cacti is a graphical network traffic monitoring and analysis tool built on PHP, MySQL, SNMP and RRDTool. Weathermap is one of the most widely used Cacti plug-ins; it can be used to draw a network topology map. The CactiEZ plugin weathermap has an arbitrary file write...
OCS Inventory NG 2.2 - SQL Injection
Exploit for php platform in category web applications Exploit Title: OCS Inventory NG /ocsreports/index.php?function=visusearch - Time-based SQL Injection Choose a parameter, use EXACTLY operator: ' union select sleep5; - Code execution Bypass input escape and write to filesystem webshell PoC: '...
OCS Inventory NG 2.2 - SQL Injection
OCS Inventory NG 2.2 - SQL Injection Exploit Title: OCS Inventory NG /ocsreports/index.php?function=visusearch - Time-based SQL Injection Choose a parameter, use EXACTLY operator: ' union select sleep5; - Code execution Bypass input escape and write to filesystem webshell PoC: ' union select...
OCS Inventory NG 2.2 - SQL Injection
Exploit Title: OCS Inventory NG /ocsreports/index.php?function=visusearch - Time-based SQL Injection Choose a parameter, use EXACTLY operator: ' union select sleep5; - Code execution Bypass input escape and write to filesystem webshell PoC: ' union select CONCATchar60,char63,'php echo...
CVE-2016-1505
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...
Haxx cURL Arbitrary File Write Vulnerability
Haxx cURL is a set of file transfer tools from the Swedish company Haxx that utilize URL syntax to work at the command line. A security vulnerability exists in Haxx cURL versions prior to 7.47.0 for Windows platforms, which can be exploited to write arbitrary files in the current working director...
CVE-2016-0754
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name...
CVE-2016-0754
The issue CVE-2016-0754 affects the cURL command line tool for Windows prior to 7.47.0. A lack of data sanitization allows an attacker to write arbitrary files in the current working directory on a different drive when a colon appears in a remote file name, exploitable on Windows (where colons de...
Digital Paradise Mobile Office Middleware Interface Arbitrary File Write Vulnerability
Digital Paradise's MKey3G mobile office middleware is an enterprise-oriented application BYOD middleware platform, which has been widely used in energy, finance, government and enterprises. There is an arbitrary file writing vulnerability in the interface of Digital Paradise's mobile office...
commons-fileupload: Arbitrary file upload via deserialization
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...