705 matches found
CVE-2022-22995
Netatalk (Apple Filing Protocol server) is affected by CVE-2022-22995. The vulnerability arises from a flaw in the interaction between SMB and AFP primitives in default configurations, enabling arbitrary file writes and potentially remote code execution. Demonstrations and advisories reference an...
PT-2022-15765 · Afp +5 · Afp +5
Name of the Vulnerable Software and Affected Versions: SMB and AFP (affected versions not specified). Description: The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can...
CVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code...
Delta Electronics DIAEnergie path traversal vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A path traversal...
CVE-2020-15388
CVE-2020-15388 affects Brocade Fabric OS; an authenticated CLI user can abuse the history command to write arbitrary content to files in vulnerable builds. Affected OS versions include Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h. Confirmed by multiple sources (Red Hat, Broadcom ad...
Hidden functionality in node-ipc
The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions 9.2.2...
Luocms arbitrary file writing vulnerability
Luocms v2.0 is an article management system. Luocms v2.0 is vulnerable to an arbitrary file-writing vulnerability that results from insufficient validation of submitted filecontent and filename values, which can be exploited to write arbitrary shell files via /admin/templates/templatemanag...
Exploit for Improper Initialization in Linux Linux_Kernel
CVE-2022-0847 my personal poc and exploit of CVE-2022-0847di...
CVE-2022-26520
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
CVE-2022-23922
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed...
CVE-2021-23521
This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In...
CVE-2021-37128
HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may write any file...
PT-2022-7698 · Ibm · Ibm App Connect Enterprise Certified Container
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 7.1 through 12.4. Description: The issue is related to unrestricted resource allocation during file writing to the local filesystem, which can lead to a denial of service. This occurs...
CVE-2021-41242
OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
Path traversal
OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
CVE-2021-25511
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability...
Path traversal
There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to write any content to any file...
Design/Logic Flaw
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files...
PT-2021-18900 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.0.1. Description: The issue allows an attacker to write arbitrary files by unpacking a maliciously crafted archive. This is possible due to insufficient checks, which have been improved in the fixed version...
Node.js Multiple Vulnerabilities (August 31st 2021 Security Releases)
The version of Node.js installed on the remote host is prior to 12.22.6 or 14.17.6. It is, therefore, affected by multiple remote code execution vulnerabilities in various components due to insufficient validation of user input. An unauthenticated, remote attacker can exploit this to bypass...