CVE-2020-8159

There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

LifterLMS Plugin for WordPress < 3.37.15 Arbitrary File Write

The WordPress LifterLMS Plugin installed on the remote host is affected by an arbitrary file write vulnerability that can allow the attackers to write and execute arbitrary PHP code on the server by changing their first name on their profile to PHP code. Note that the scanner has not tested for...

Arbitrary file write in actionpack-page_caching gem

There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

GHSA-MG5P-95M9-RMFP Arbitrary file write in actionpack-page_caching gem

There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

Directory Traversal

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVE-2020-8159

There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

Exploit for CVE-2020-11651

CVE-2020-11651 PoC for CVE-2020-11651 Requires Python3 tested...

CVE-2020-11531

The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot...

CVE-2020-8983

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or...

CVE-2020-8983

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or...

Remote code execution

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or...

Arbitrary File Write

Overview actionpack-pagecaching is a static page caching library for Action Pack. Affected versions of this package are vulnerable to Arbitrary File Write. It is possible for an attacker to write unescaped ERB to a view, and therefore write arbitrary files to a web server, potentially resulting i...

CVE-2020-3307

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

CVE-2020-3307 Cisco Firepower Management Center Arbitrary Log File Write Vulnerability

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

CVE-2020-3307 Cisco Firepower Management Center Arbitrary Log File Write Vulnerability

A vulnerability in the web UI of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...

Arbitrary file write/potential remote code execution in actionpack-page_caching

There is a vulnerability in the actionpack-pagecaching gem that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. Versions Affected: All versions of actionpack-pagecaching part of Rails...

CVE-2020-10859

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request...

CVE-2020-10859

Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request...

WordPress LifterLMS Plugin < 3.37.15 Arbitrary File Write Vulnerability

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress LifterLMS Plugin Arbitrary File Write (CVE-2020-6008)

An Arbitrary File Write vulnerability exists in the WordPress LifterLMS Plugin. Successful exploitation of this vulnerability could lead to arbitrary code execution...