npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write

This module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given...

Code injection

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool ABRT, when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on 1 /var/spool/abrt or 2 /var/tmp/abrt...

Command Execution Vulnerability in AppCMS

APPCMS is a professional APP content management system that provides a variety of extension modules, such as information, recommended positions, topics, friendly links, body internal links and so on, to help webmasters better personalize their own websites. AppCMS has a command execution...

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

Yandex ClickHouse Arbitrary File Write Vulnerability

Yandex ClickHouse is a set of open source columnar databases for online analytical processing of the Russian company Yandex. A security vulnerability exists in Yandex ClickHouse versions prior to 19.14.3. An attacker can exploit this vulnerability to cause clickhouse-server to perform a write...

Design/Logic Flaw

In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When...

CVE-2019-15024

CVE-2019-15024 affects ClickHouse before 19.14.3. An attacker with write access to ZooKeeper who can run a network-accessible custom server can register a malicious replica in ZooKeeper. When another replica fetches a data part from this server, clickhouse-server can be forced to write to an arbi...

CVE-2019-16896

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll aka the backup module improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality...

CVE-2019-16896

CVE-2019-16896 affects K7 Ultimate Security 16.0.0117. The backup module K7BKCExt.dll improperly validates administrative privileges, enabling a local, user‑privilege bypass that allows an arbitrary file write via a symbolic link attack with file restoration functionality. Documented impact acros...

CVE-2019-16896

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll aka the backup module improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality...

UBUNTU-CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

Citrix and NetScaler SD-WAN Center Unauthenticated Directory Traversal File Write

The remote Citrix SD-WAN Center or NetScaler SD-WAN Center is susceptible to directory traversal and file writes in arbitrary locations. This is due to improper sanitization of user-supplied input in the applianceSettingsFileTransfer action of ApplianceSettingsController. An unauthenticated, remo...

NPM -- Multiple vulnerabilities

NPM reports: Global nodemodules Binary Overwrite Symlink reference outside of nodemodules Arbitrary File Write...

File write vulnerability in Ocean CMS ad***_pi***.php page

Ocean CMS is a web content management system based on PHP+MYSQL architecture that can run across platforms. A file write vulnerability exists in the Ocean CMS adpi.php page. An attacker can exploit this vulnerability to gain control of the web server...

Cisco IOS XE Software Arbitrary File Write (cisco-sa-20180328-wfw)

According to its self-reported version, Cisco IOS XE Software is affected by an arbitrary file write vulnerability in the web-based user interface web UI due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An authenticated, remote attacker c...

The vulnerability of the command-line tools for package managers NPM and Yarn allows a hacker to write arbitrary files.

The vulnerability of the command-line tools for package managers NPM and Yarn exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by creating symbolic links to files outside the module...

Roxy Fileman 1.4.5 - Directory Traversal

Roxy Fileman 1.4.5 - Directory Traversal Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE:...

Roxy Fileman 1.4.5 - Directory Traversal

Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and...

Bash Profile Persistence

This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...