CVE-2018-1315

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

Gyazo allows local users to write arbitrary files

lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames...

The vulnerability of software tools for backup and data restoration in NetBackup Appliance and NetBackup, related to lack of access control, allows attackers to perform file writing in a privileged mode.

The vulnerability of software tools for backup and data restoration in NetBackup Appliance and NetBackup is related to lack of access control. Exploiting this vulnerability allows a malicious actor to perform file writing in a privileged mode, using the “bprd” process...

The vulnerability of software tools for backup and data restoration in NetBackup Appliance and NetBackup, related to lack of access control, allows attackers to perform file writing in a privileged mode.

The vulnerability of software tools for backup and data restoration in NetBackup Appliance and NetBackup is related to lack of access control. Exploiting this vulnerability allows a malicious actor to perform file writing in a privileged mode, using the “bprd” process...

CVE-2017-12843

Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted 1 SYNCAPPLY, 2 SYNCGET or 3 SYNCRESTORE command...

CVE-2017-12843

CVE-2017-12843 affects Cyrus IMAP before 3.0.3. Remote authenticated users can write to arbitrary files using crafted SYNCAPPLY, SYNCGET, or SYNCRESTORE commands. Severity is MEDIUM (CVSSv3: 6.5) with high impact on integrity. Affected product: Cyrus IMAP server; vulnerable component: IMAP comman...

Foxit Reader command injection(CVE-2017-10951)and file writing Vulnerability(CVE-2017-10952)

A tale about Foxit Reader - Safe Reading mode and other vulnerabilities Some days ago someone send me the following link, which describes two vulnerabilities in Foxit Reader: http://thehackernews.com/2017/08/two-critical-zero-day-flaws-disclosed.html These two vulnerabilities are similar to the...

Foxit PDF reader there 2 at high-risk vulnerabilities, the vendor has refused to fix? - Vulnerability warning-the black bar safety net

Use Foxit Foxit PDF reader's user to pay special attention to the security researchers which discovered two serious 0day vulnerability, such as not the reader is configured in the secure read mode open file, it would let the attacker on the target computer to execute arbitrary code. Foxit company...

Information disclosure

DISPUTED An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking...

CVE-2017-9862

SMA Solar Technology Sunny Explorer information-disclosure (CVE-2017-9862) affects Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30. When signing in with an incorrect password, a debug report can be created that exposes application information and allows saving a .txt file with arbitrary co...

Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution

This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL function allows an attacker to execute local files on the file system and...

CVE-2017-2298

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...

CVE-2017-2298

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...

sharkPy - NSA Tool to Dissect, Analyze, and Interact with Network Packet Data using Wireshark and libpcap capabilities

A python module to dissect, analyze, and interact with network packet data as native Python objects using Wireshark and libpcap capabilities. sharkPy dissect modules extend and otherwise modify Wireshark's tshark. SharkPy packet injection and pcap file writing modules wrap useful libpcap...

CVE-2015-8326

The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user...

CVE-2015-8326

The CVE-2015-8326 issue affects the IPTables-Parse Perl module (before 1.6). A local attacker can exploit insecure temporary file creation to write to arbitrary files owned by the current user via the module’s file handling. Root cause: predictable/unsafe temporary file handling enabling a symbol...

Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer Overflow

!/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow SEH Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.disksorter.com Software Link:...

Sync Breeze Enterprise 9.5.16 - Import Command Local Buffer Overflow

Sync Breeze Enterprise 9.5.16 - Import Command Local Buffer Overflow !/usr/bin/env python Exploit Title: Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow SEH Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage:...

PHPMailer Sendmail Argument Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PHPMailer Sendmail Argument Injection', 'Description' = %q PHPMailer versions up to and including 5.2.19 are affected by a...

Observium PHP Object Unserialization Remote File Writing Vulnerability

The remote Observium server is affected by a remote file writing vulnerability in the vardecode function in common.inc.php due to improper validation of user-supplied GET, POST and COOKIE values before use in the PHP unserialize function. An unauthenticated, remote attacker can exploit this to...