
705 matches found

Cvelist
added 2020/09/30 2:43 p.m., 16 views

CVE-2020-21526

An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...

AI score: 9.5, EPSS: 0.01867
Exploits: 1, References: 1

Cvelist
added 2020/09/30 11:55 a.m., 15 views

CVE-2020-15731 Local Privilege Escalation in Bitdefender Engines (VA-8953)

An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448...

CVSS: 3.2, AI score: 4.3, EPSS: 0.00527
Exploits: 0, References: 1

Prion
added 2020/09/11 3:15 a.m., 10 views

Directory traversal

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter...

CVSS: 5, AI score: 7.5, EPSS: 0.015
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2020/08/24 7:15 p.m., 12 views

Path traversal

The Metasploit Framework module "post/osx/gather/enumosx module" is affected by a relative path traversal vulnerability in the getkeychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host...

CVSS: 10, AI score: 9.3, EPSS: 0.01123
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/07/29 1:18 p.m., 16 views

CVE-2020-2076

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write fil...

AI score: 9.6, EPSS: 0.01261
Exploits: 0, References: 1

Cvelist
added 2020/07/07 1:33 p.m., 20 views

CVE-2020-15577

An issue was discovered on Samsung mobile devices with P9.0 and Q10.0 software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 July 2020...

AI score: 5.7, EPSS: 0.00131
Exploits: 0, References: 1

RedhatCVE
added 2020/04/14 7:28 p.m., 37 views

CVE-2020-10696

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

CVSS: 9.3, AI score: 2.2, EPSS: 0.02582
Exploits: 1, References: 3

Cvelist
added 2020/04/08 7:55 p.m., 20 views

CVE-2020-1885

Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file...

AI score: 7.5, EPSS: 0.00398
Exploits: 0, References: 1

Patchstack
added 2020/03/31 12:0 a.m., 21 views

WordPress LifterLMS plugin <= 3.37.14 - Arbitrary File Writing vulnerability

Arbitrary File Writing vulnerability discovered by Omri Herscovici and Sagi Tzadik in WordPress LifterLMS plugin versions <= 3.37.14. Solution: Update the WordPress LifterLMS plugin to the latest available version, at least 3.37.15...

CVSS: 9.8, AI score: 2.1, EPSS: 0.03776
Exploits: 0, References: 3, Affected Software: 1

WPVulnDB
added 2020/03/31 12:0 a.m., 25 views

LifterLMS < 3.37.15 - Arbitrary File Writing

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress WordPress plugin was affected by an Arbitrary File Writing security vulnerability...

CVSS: 7.5, AI score: 3.2, EPSS: 0.03776
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/12/03 7:2 p.m., 18 views

CVE-2019-19459

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...

AI score: 7.3, EPSS: 0.03508
Exploits: 3, References: 2

OSV
added 2019/11/30 1:6 p.m., 5 views

MGASA-2019-0351 Updated httpie packages fix security vulnerability

Updated httpie packages fix security vulnerability: HTTPie is vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...

CVSS: 8.8, AI score: 8.6, EPSS: 0.02045
Exploits: 1, References: 3

NVD
added 2019/11/19 10:15 p.m., 12 views

CVE-2011-3349

lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00363
Exploits: 0, References: 6

Exploit DB
added 2019/10/07 12:0 a.m., 325 views

logrotten 3.15.1 - Privilege Escalation

Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all versions through 3.15.1 Tested on: Debian...

AI score: 7.4
Exploits: 0

Prion
added 2019/09/18 3:15 p.m., 14 views

Design/Logic Flaw

A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing...

CVSS: 5.8, AI score: 7.2, EPSS: 0.00781
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/09/18 2:29 p.m., 11 views

CVE-2019-15843

A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing...

AI score: 7.2, EPSS: 0.00781
Exploits: 0, References: 1

Check Point Advisories
added 2019/08/28 12:0 a.m., 8 views

Adobe ColdFusion CKEditor Directory Traversal (CVE-2018-15960)

A directory traversal vulnerability exists in the Adobe ColdFusion CKEditor component. The vulnerability is due to improper sanitization of paths before writing files. Successful exploitation of this vulnerability could allow an attacker to write files to arbitrary locations on the target system...

CVSS: 6.4, AI score: 4.5, EPSS: 0.05525
Exploits: 0

OSV
added 2019/08/27 5:44 p.m., 19 views

GHSA-XJJG-VMW6-C2P9 Open Redirect in httpie

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...

CVSS: 8.8, AI score: 8.5, EPSS: 0.02045
Exploits: 1, References: 9

OSV
added 2019/08/23 5:15 p.m., 3 views

CVE-2019-10751

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...

CVSS: 8.8, AI score: 8.6
Exploits: 0, References: 5

OSV
added 2019/08/23 5:15 p.m., 10 views

PYSEC-2019-93

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...

AI score: 3.1
Exploits: 0, References: 5