7265 matches found
CVE-2023-24804 ownCloud Android app vulnerable to Path Traversal
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...
PT-2023-19788 · Owncloud · Owncloud Android App
Name of the Vulnerable Software and Affected Versions: ownCloud Android app versions prior to 3.0 Description: The ownCloud Android app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. These bypasses may lead to information disclosure when uploading the...
Arbitrary File Write
github.com/openshift/source-to-image is vulnerable to Arbitrary File Write. The vulnerability exists due to the improper input validation in tar.go, which allows an attacker to overwrite files outside of the working directory via a Zip Slip...
CVE-2023-0745
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
CVE-2023-0745 Arbitrary File Write in High Availability Backup Upload
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
CVE-2023-0745
CVE-2023-0745 affects YugabyteDB Anywhere (versions 2.0.0.0–2.13.0.0). The issue is in the backup upload endpoint via path traversal in the PlatformReplicationManager.Java program, allowing arbitrary file writes and impacting confidentiality, integrity, and availability. The connected sources con...
CVE-2023-21445
CVE-2023-21445 concerns an improper access control vulnerability in Samsung MyFiles. Affected platforms include Android R (11) versions prior to 12.2.09, Android S (12) prior to 13.1.03.501, and Android T (13) prior to 14.1.00.422. The flaw allows a local attacker to write a file with MyFiles pri...
Arbitrary File Write
net.mingsoft:ms-mcms is vulnerable to Arbitrary File Write. An authenticated attacker is able to cause an arbitrary file write via the ms/template/writeFileContent.do component due to unrestricted file upload...
Dell Command Intel vPro Out of Band Security Vulnerability
Dell Command | Intel vPro Out of Band is an application from Dell, Inc. that provides an out-of-band management solution. You are able to remotely manage client systems regardless of the power status of the system. A security vulnerability exists in Dell Command Intel vPro Out of Band. A locally...
Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. Specific Go Packages...
Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit
This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...
ASUS RT-AC68U Path Traversal Vulnerability
The ASUS RT-AC68U is a router from Asus China. A security vulnerability exists in ASUS RT-AC68U router firmware versions prior to 3.0.0.4.386.41634, which originates from a directory traversal vulnerability in the cloud disk. An attacker can exploit this vulnerability to write to arbitrary files ...
CVE-2021-37315
Incorrect Access Control issue discovered in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations...
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
An app may be able to execute arbitrary code with kernel privileges Module Options msf use exploit/osx/local/macdirtycow msf exploitmacdirtycow show targets ...targets... msf exploitmacdirtycow set TARGET msf exploitmacdirtycow show options ...show and set options... msf exploitmacdirtycow exploi...
CVE-2022-47769
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...