2676 matches found
CVE-2021-38471
CVE-2021-38471 affects AUVESY Versiondog. The vulnerability arises from multiple API function codes that permit writing data to arbitrary files, enabling an attacker to modify existing files or create new ones. The NVD entry attributes a high impact (integrity and availability) with a CVSS v3 bas...
CVE-2021-38471 AUVESY Versiondog
There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files...
CVE-2021-1419
CVE-2021-1419 affects Cisco Access Points (APs) SSH management interface, where improper checking of file operations allows a local, authenticated user to modify files and potentially gain root privileges. The root cause is input/file operation validation within the SSH management feature. Affect...
Cisco Access Points Security Vulnerability
Cisco Access Points is a network access point device from Cisco. A security vulnerability exists in the Cisco Access Points platforms, which is caused by an incorrect file operation check in the SSH management interface. An attacker could use this vulnerability to allow a local authenticated user...
CVE-2021-41525
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior...
SQL injection
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior...
CVE-2021-41525
CVE-2021-41525 affects FlexNet Inventory Agent/Inventory Beacon (versions 2020 R2.5 and earlier). The issue allows a locally authenticated attacker to modify otherwise restricted files. The available documents consistently describe the vulnerability in terms of unauthorized modification after loc...
CVE-2021-39180 Path Traversal in Archive Handling Leading to Code Execution
OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user, e.g. the tomcat user. Depending...
Vulnerabilities fixed in Pulse Connect Secure
Pulse Connect has fixed vulnerabilities in Pulse Connect Secure. The vulnerabilities potentially enable a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), data manipulation, remote code execution...
Remote code execution
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to get a shell via modification of a PHP file...
S-CMS Input Validation Error Vulnerability
S-CMS is a product developed by Zibo Shining Network Technology Co., Ltd. that provides solutions for building enterprise websites. A remote code execution vulnerability exists in /1.com.php in S-CMS version 3.0 PHP version. An attacker can exploit the vulnerability by modifying PHP files to get ...
Aruba Instant 8.7.1.0 Arbitrary File Modification
Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Date: 15/07/2021 Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aru...
Aruba Instant 8.7.1.0 - Arbitrary File Modification Exploit
Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aruba Instant 8.5.x:...
Aruba Instant 8.7.1.0 - Arbitrary File Modification
Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Date: 15/07/2021 Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aru...
Arbitrary file modification vulnerability in qimengcms
qimengcms is a content management system. An arbitrary file modification vulnerability exists in qimengcms, which can be exploited by an attacker to compromise the integrity of the system...
CVE-2021-33214
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...
BloofoxCms Cross-Site Request Forgery Vulnerability
BloofoxCMS is a free, open source, PHP + MySQL based Web content management system. A cross-site request forgery vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by using mode=settings&page=editor to change the content of arbitrary files...
CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
Privilege escalation
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...
CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by recreating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFl...