337 matches found
Vembu BDR Suite Code Issue Vulnerability
Vembu BDR Suite is a virtual machine management system. A code issue vulnerability exists in Vembu BDR Suite that an attacker can exploit to perform an unauthenticated file write via a GET request that specifies the name and content of the file...
OBottle Arbitrary File Write Vulnerability
OBottle is a lighter, database-free blog. An arbitrary file write vulnerability exists in ct.php in OBottle version 2.0. No details of the vulnerability are provided at this time...
CVE-2020-36008
OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability...
VMware vRealize Operations Arbitrary File Write Vulnerability
VMware vRealize Operations is an application from VMware, Inc.: a unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. An arbitrary file write vulnerability exists in the vRealize Operations Manager API prior to version 8....
CVE-2021-21983
CVE-2021-21983 is an authenticated arbitrary file write vulnerability in the VMware vRealize Operations Manager API (pre-8.4). A network‑accessible attacker can leverage the API to write files to arbitrary locations on the underlying Photon OS, potentially enabling code execution as illustrated i...
Microsoft Exchange 0-Day Attackers Spy on U.S. Targets
Microsoft has spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server. Adversaries have been able to access email accounts, steal a raft of data and drop malware on target machines for long-term remote access, according to the computin...
Microsoft Exchange Server Arbitrary File Write Vulnerability
Exchange is a messaging and collaboration system, a suite of e-mail service components from Microsoft. An arbitrary file write vulnerability exists in Microsoft Exchange Server. An attacker can exploit this vulnerability to write a file to any path on the server after authenticating through the Exchang...
CVE-2021-22114
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...
CVE-2021-22114
CVE-2021-22114 concerns a path-traversal vulnerability in Spring Integration Zip handling. Connected sources indicate that Spring-integration-zip versions prior to 1.0.4 expose an arbitrary file write vulnerability via specially crafted zip archives (also affecting other archive formats like tar,...
Microsoft Spooler Local Privilege Elevation Exploit
This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...
Apache Flink Arbitrary File Write Vulnerability
Apache Flink is an efficient and distributed general purpose data processing platform. Apache Flink products have an arbitrary file write vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability ...
CVE-2020-17518
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
Microsoft Spooler Local Privilege Elevation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Spooler Local Privilege Elevation Vulnerability', 'Description' = %q This exploit leverages a file write vulnerability in the print...
CVE-2020-1885
CVE-2020-1885 affects Oculus Desktop on Windows prior to 1.44.0.32849. A privileged OVRRedir.exe process can write to an unprivileged destination via a hard link to a log file, enabling local privilege escalation to arbitrary files. The issue is described as local privilege elevation stemming fro...
Arbitrary File Write Vulnerability in LJCMS of Beijing Liangjing Zhicheng Technology Co.
LJCMS is a PHP+MySQL based enterprise website system. An arbitrary file write vulnerability exists in LJCMS from Beijing LiangJingZhiCheng Technology Co., Ltd.; attackers can construct the CMS update address to write malicious files to the target and obtain server privileges...
PT-2024-5186
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having th...
SUSE-SU-2020:0429-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: nodejs12 was updated to version 12.15.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request...
macOS 10.15.x < 10.15.3 / 10.14.x < 10.14.6 / 10.13.x < 10.13.6
The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.3, 10.13.x prior to 10.13.6, 10.14.x prior to 10.14.6. It is, therefore, affected by multiple vulnerabilities: - In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.1 jenkins security update
An update for jenkins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...