7263 matches found
CVE-2022-23922
CVE-2022-23922 affects WIN-911 2021 R1 (up to 5.21.10) and R2 (up to 5.21.17). Description: a permissions misconfiguration allows a local attacker to write files to the Program Announcer directory and escalate privileges when the program runs. Connected docs corroborate affected product/versions ...
Cobbler < 3.3.0 Multiple Vulnerabilities
Cobbler is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification
!/usr/bin/env python3 -- coding: utf-8 -- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page: http://www.iclinks.com Product datasheet:...
Win-911 安全漏洞
Win-911 is a security software from the American company Win-911. It is used for industrial equipment alarm security. A security vulnerability exists in WIN-911 2021 that stems from a misconfiguration of permissions in the product, which could allow an attacker to exploit the vulnerability to wri...
WIN-911 安全漏洞
Win-911 is a security software from the American company Win-911. It is used for industrial equipment alarm security. A security vulnerability exists in WIN-911 that stems from WIN-911's susceptibility to a privilege misconfiguration. An attacker could use this vulnerability to write files locall...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke them remotely or wait for...
CVE-2022-25297
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...
CVE-2022-25299 Arbitrary File Write
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mghttpupload method may enable attackers to write files to arbitrary locations outside the designated target folder...
Cesanta Mongoose 安全漏洞
Cesanta Mongoose is a set of embedded server libraries from the Irish company Cesanta, which includes features for TCP, HTTP clients and servers, and WenSocket clients and servers. A security vulnerability exists in mongoose, which stems from the use of the mg http upload method's insecure handli...
pgjdbc Arbitrary File Write Vulnerability
Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...
GHSA-673J-QM5F-XPV8 pgjdbc Arbitrary File Write Vulnerability
Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
Arbitrary File Write via Archive Extraction in mholt/archiver
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
Arbitrary File Write in Libcontainer
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization "mount namespace breakout" and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...
GHSA-5WMG-J84W-4JJ4 Arbitrary File Write via Archive Extraction in mholt/archiver
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
GHSA-MQ66-VCFC-8246 Mercurial Path Traversal/Link Following vulnerability
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
PT-2022-2555 · Amazon · Amazon Aws Client Vpn
Name of the Vulnerable Software and Affected Versions: Amazon AWS VPN Client version 2.0.0 Description: An issue exists in the Amazon AWS VPN Client, allowing parameters outside of the allow list to be injected into the configuration file. This can lead to an arbitrary file write as SYSTEM with...
CVE-2021-45420
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication...
CVE-2021-45420
Emerson Dixell XWEB-500 devices are affected by an unauthenticated arbitrary file-write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. Exploitation allows writing arbitrary files to the target system, with potential denial of service and remote ...