705 matches found
Exploit for SQL Injection in Zte Mf286R_Firmware
CVE-2022-39066 Firmware details: wainnerversion: BDPO...
CVE-2022-38582
Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files...
CVE-2022-20811
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...
About the security content of macOS Big Sur 11.7.1
About the security content of macOS Big Sur 11.7.1 This document describes the security content of macOS Big Sur 11.7.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of macOS Monterey 12.6.1
About the security content of macOS Monterey 12.6.1 This document describes the security content of macOS Monterey 12.6.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
PT-2022-20040 · Cms8000 · Cms8000
Name of the Vulnerable Software and Affected Versions: CMS8000 affected versions not specified Description: The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard...
SUSE SLED15 / SLES15 Security Update : rsync (SUSE-SU-2022:2959-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2959-1 advisory. - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside th...
Logic Flaw Vulnerability in Damon Database Management System (DM8)
Damon database management system DM8 is a new generation of large-scale general-purpose relational database. A logic flaw exists in DM8, which can be exploited by an attacker to write arbitrary files...
CVE-2021-3701
CVE-2021-3701 affects Ansible Runner, where the default temporary files configuration can cause temp files to be created in world-writable locations. An attacker who can authenticate locally could pre-create or redirect such directories, enabling reading private information or causing Ansible Run...
CVE-2022-36987
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server...
CVE-2022-36987
CVE-2022-36987 – Veritas NetBackup : The issue affects NetBackup in versions 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, and 9.x through 9.0.0.1, plus 9.1.x through 9.1.0.1. An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary serve...
CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation
Rapid7 discovered a local privilege escalation vulnerability affecting Zyxel firewalls. The vulnerability allows a low privileged user, such as nobody, to escalate to root on affected firewalls. To exploit this vulnerability, a remote attacker must first establish shell access on the firewall, fo...
GO-2022-0346 Path traversal in github.com/quay/claircore
A maliciously crafted RPM file can cause the Scanner.Scan function to write files with arbitrary contents to arbitrary locations on the local filestem...
[SECURITY] Fedora 36 Update: ignition-2.14.0-2.fc36
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...
Jenkins Pipeline Plugin Arbitrary File Writing Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.Jenkins Pipeline Plugin...
Jenkins Plugin Pipeline 路径遍历漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.Jenkins Pipeline Plugin...
Path traversal for local publishers in TechDocs backend
Impact A malicious actor with the ability to register entities in the Software Catalog is able to write files to arbitrary paths on the techdocs backend host instance when techdocs.publisher.type is set to local. This vulnerability is mitigated by the fact that the Software Catalog must be...
CVE-2022-20807 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...
[SECURITY] Fedora 35 Update: ignition-2.14.0-1.fc35
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files regular files, systemd units, etc., and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...
Open Automation Software OAS Platform 访问控制错误漏洞
Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. Open Automation Software OAS Platform V16.00.0112 contains a file-writing vulnerability that can be exploited by attackers to cause remote code execution with specially crafted...