Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected...
Arbitrary File Write
django is vulnerable to arbitrary file write. The vulnerability exists through the django.utils.archive.extract function, used by startapp --template and startproject --template, to extract files with absolute paths or relative paths, out of the application root directory...
CentOS 8 : nodejs:10 (CESA-2020:0579)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:0579 advisory. - nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string CVE-2019-15604 - nodejs: HTTP request smuggling using...
Metasploit Wrap-Up
MobileIron MDM Hessian-Based Java Deserialization RCE: Our very own wvu-r7 has added exploits/linux/http/mobileironmdmhessianrce, which exploits an ACL bypass in MobileIron MDM products to execute a Java deserialization attack using a Groovy gadget against a Hessian based endpoint. CVE-2020-15505...
PEAR Archive_Tar 1.4.10 Arbitrary File Write
This module takes advantage of ArchiveTar use exploit/multi/fileformat/archivetararbfilewrite msf exploitarchivetararbfilewrite show targets ...targets... msf exploitarchivetararbfilewrite set TARGET msf exploitarchivetararbfilewrite show options ...show and set options... msf...
Deislabs Oras Backlink Vulnerability
Deislabs Oras is a Go-based software from the Deislabs team for pushing OCI packages to the registered end. Deislabs Oras suffers from a backlink vulnerability that can be exploited by an attacker to write or overwrite specific files on a host file system other than the user's...
PEAR Archive_Tar Arbitrary File Write
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/tar' class MetasploitModule 'PEAR ArchiveTar %q This module takes advantages of ArchiveTar MSFLICENSE, 'Author' = 'gwillcox-r7', Metasploit module...
CVE-2020-8567
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...
Cisco SD-WAN vManage Path Traversal Vulnerability (CNVD-2021-05395)
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A path traversal vulnerability exists in the Web management interface of Cisco SD-WAN vManage versions prior to 18.2.0. The vulnerability stems from insufficient authentication of HTTP...
Cisco SD-WAN vManage Software Path Traversal Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. A path traversal vulnerability exists in the Web management interface of Cisco SD-WAN vManage versions prior to 18.2.0. The vulnerability stems from insufficient authentication of HTTP...
Microsoft Spooler Local Privilege Elevation Exploit
This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...
Microsoft Spooler Local Privilege Elevation Vulnerability
This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...
CVE-2021-21251
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...
Design/Logic Flaw
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library...
PT-2021-14361
Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 4.0.3 Description: OneDev is an all-in-one devops platform with a critical "zip slip" vulnerability that may lead to arbitrary file write. The KubernetesResource REST endpoint untars user-controlled data from the...
OSV-2017-13 Heap-buffer-overflow in File::Write
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4293 Crash type: Heap-buffer-overflow READ Crash state: File::Write ComprDataIO::UnpWrite CmdExtract::UnstoreFile...
CVE-2020-17518
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
Arbitrary File Write
flink-runtime is vulnerable to arbitrary file write. The vulnerability exists as files can be written to any accessible location through the modified value of HTTP HEADER...
Apache Flink Arbitrary File Write Vulnerability
Apache Flink is an efficient and distributed general purpose data processing platform. Apache Flink products have an arbitrary file write vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability ...