7263 matches found
CVE-2022-20955
The CVE-2022-20955 issue affects Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software. The root cause is improper access controls on local file system assets and the CLI, enabling authenticated, local attackers to overwrite arbitrary files via symbolic links and to pe...
CVE-2022-20954 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...
CVE-2022-27623
Summary (CVE-2022-27623): Synology DiskStation Manager (DSM) prior to version 7.1-42661 is affected by a missing authentication for a critical function in the iSCSI management feature. This allows remote attackers to read or write arbitrary files via unspecified vectors. The issue is documented ...
Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution
Discovery / credits: Malvuln, John Page (aka hyp3rlinx) (c) 2022; Original source: https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt ; Media: twitter.com/malvuln; Threat: Email-Worm.Win32.Kipis.c; Vulnerability: Remote File Write Code Execution; Description: The...
CVE-2022-20776
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...
PT-2022-5341 · Cisco · Cisco Roomos +1
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Collaboration Endpoint CE Software (affected versions not specified); Cisco RoomOS Software (affected versions not specified). Description: The issue is related to incorrect directory path restriction in the xAPI component of the...
CVE-2022-3368
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem to escalate their privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556...
CVE-2022-38424
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
Adobe ColdFusion Buffer Error Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and a scripting language. Adobe ColdFusion has a security vulnerability. An attacker can exploit the vulnerability to execute...
Exploit for Path Traversal in Zimbra Collaboration
cve-2022-41352 generate poc.tar $ chmod +x cpiopocgen...
EulerOS Virtualization 3.0.6.0 : xz (EulerOS-SA-2022-2597)
According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name...
EulerOS Virtualization 3.0.6.0 : gzip (EulerOS-SA-2022-2563)
According to the versions of the gzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file nam...
EulerOS Virtualization 3.0.6.6 : gzip (EulerOS-SA-2022-2505)
According to the versions of the gzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file nam...
CVE-2022-39858
Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary files with FactoryCamera privilege...
Arbitrary File Write
Jenkins Pipeline is vulnerable to Arbitrary File Write. The vulnerability exists because parameter names are used without sanitization as relative paths inside a build-related directory, which allows an attacker to configure Pipelines to create or replace arbitrary files on the Jenkins controller...
SAMSUNG Mobile devices Path Traversal Vulnerability
SAMSUNG Mobile devices are a series of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A path traversal vulnerability exists in SAMSUNG Mobile devices version 3.5.51, which stems from a path traversal vulnerability in AtBroadcastReceiver in...
postgresql-jdbc: Arbitrary File Write Vulnerability
A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or serv...
Arbitrary File Write
postgresql-jdbc is vulnerable to arbitrary file writes. The vulnerability exists because the connection properties for configuring a pgjdbc connection are exposed, which allows an attacker to specify arbitrary connection properties and could lead to a compromise of a system...