7269 matches found
CVE-2023-21505
Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox...
CVE-2023-1208
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
CVE-2023-32317
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-45878
GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...
CVE-2023-42248
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vamSql.php"...
CVE-2023-30678
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file...
CVE-2023-44169
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminnotify.php...
CVE-2023-42661
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts...
CVE-2022-43293
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...
CVE-2022-28964
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 build 21.11.6809.528 allows attackers to cause a Denial of Service DoS via a crafted DLL file...
CVE-2022-47769
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...
CVE-2022-46723
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files...
CVE-2022-47042
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do...
CVE-2022-40087
Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function fileputcontents. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-36943
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item...
CVE-2022-34109
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto, regardless of file type or size...
CVE-2022-34115
DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId...
CVE-2022-30060
ftcms =2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php...
CVE-2022-30037
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...
CVE-2022-27261
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...