7267 matches found
PT-2023-12995 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: XunRuiCMS versions 4.3.3 through 4.5.1 Description: The issue allows attackers to execute arbitrary PHP code via the add function in cron.php. This is made possible by the vulnerability to PHP file write and CMS PHP file inclusion...
CVE-2022-30037
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...
CVE-2022-30037
XunRuiCMS versions 4.3.3–4.5.1 are affected by CVE-2022-30037 due to a PHP file write and PHP file inclusion vulnerability in cron.php (add function), enabling arbitrary PHP code execution. The root cause is the ability to write files and include them via cron.php, leading to high-impact compromi...
Important: xz
Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...
Important: gzip
Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...
Amazon Linux 2023 : gzip (ALAS2023-2023-043)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-043 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...
Amazon Linux 2023 : xz, xz-devel, xz-libs (ALAS2023-2023-042)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-042 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...
CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
DEBIAN-CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
UBUNTU-CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
Fortinet FortiNAC keyUpload.jsp Arbitrary File Write Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...
CVE-2023-28338
Any request send to a Netgear Nighthawk Wifi6 Router RAX30's web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting ...
Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...
CVE-2023-28371
CVE-2023-28371 affects Stellarium up to version 1.2, enabling arbitrary file writes via absolute pathnames or .. directory traversal. Connected advisories confirm the root cause is improper file write permissions within Stellarium’s handling of path traversal. Impact is high (potential data discl...
CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
Fortinet FortiNAC keyUpload.jsp arbitrary file write
This module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication...
Remote Code Execution Vulnerability Through Unrestrict File Write
Description In the import setting function, in the file Froxlor\lib\Froxlor\SImExporter.php php fileputcontents$imgfilename, $imgdata; if functionexists'finfoopen' $finfo = finfoopenFILEINFOMIMETYPE; $mimetype = finfofile$finfo, $imgfilename; finfoclose$finfo; else $mimetype =...
CVE-2022-46723
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files...