Synology Photo Station Path Traversal Vulnerability (CNVD-2021-39502)

Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology Inc. of Taiwan, China. A path traversal vulnerability exists in Synology Photo Station versions prior to 6.8.14-3500, which can be exploited by remote attackers to write arbitrary files via...

Plone CMS <= 5.2.4 Multiple Vulnerabilities

Plone CMS is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-31800

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing...

SUSE: Security Advisory (SUSE-SU-2018:2975-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Joomla! path traversal vulnerability (CNVD-2021-16936)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A path traversal vulnerability exists in Joomla! 3.0.0 - 3.9.24. An attacker can...

Path traversal

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path...

PhpOK SQL Injection Vulnerability

phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. PhpOK 5.4.137 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability by injecting attachment data via SQL and then calling the attachment...

CVE-2020-16629

PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path...

CVE-2020-15097

loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, ...

Zip Slip

github.com/deislabs/oras is vulnerable to zip slip. Lack of validation during the extraction of archives or tarballs allows an attacker to write files to arbitrary locations or overwrite arbitrary files via symbolic and hard links in a malicious archive...

CVE-2020-17518 Apache Flink directory traversal attack: remote file writing through the REST API

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

CVE-2020-25010

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

Code injection

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files...

Intelbras Router RF 301K 1.1.2 - Authentication Bypass

Exploit Title: Intelbras Router RF 301K 1.1.2 - Authentication Bypass Date: 27/11/2020 Exploit Author: Kaio Amaral Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://backend.intelbras.com/sites/default/files/2020-10/RF301Kv1.1.2.zip Version: firmware version 1.1.2 Tested on:...

CVE-2020-21526

An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...

Directory traversal

An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...

CVE-2020-21526

CVE-2020-21526 affects halo v1.1.3. The vulnerability is an arbitrary file writing issue where a directory traversal check on the input path parameter can be bypassed via the startsWith function in the background file-writing interface. This results in potential unauthorized file writes with part...