7249 matches found

Prion
added 2019/06/17 8:15 p.m. | 25 views

Remote code execution

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution...

CVSS: 6.8 | AI score: 8 | EPSS: 0.02208
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/06/17 7:39 p.m. | 37 views

CVE-2018-19446

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution...

AI score: 8.1 | EPSS: 0.02208
Exploits: 1 | References: 1

CVE
added 2019/06/17 7:39 p.m. | 70 views

CVE-2018-19446

CVE-2018-19446 affects Foxit Reader SDK ActiveX Pro (5.4.0.1031). The vulnerability lies in the JavaScript API Doc.createDataObject, which can cause a File Write when processing specially crafted PDFs, enabling remote code execution. According to the connected SRCINCITE entry, exploitation requir...

CVSS: 7.8 | AI score: 8 | EPSS: 0.02208
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/06/17 7:30 p.m. | 28 views

CVE-2018-19449

A File Write can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution...

AI score: 8.1 | EPSS: 0.02329
Exploits: 1 | References: 1

Veracode
added 2019/06/13 1:55 a.m. | 37 views

Directory Traversal

pip is vulnerable to directory traversal. During installation of a remote package via pip install , a malicious server can send a Content-Disposition header containing ../ to join the temporary directory and the filename as download path, which allows for arbitrary file write and potentially code...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.03003
Exploits: 1 | References: 8 | Affected Software: 10

Talos
added 2019/06/10 12:00 a.m. | 223 views

Schneider Electric Modicon M580 UMAS Strategy File Write Vulnerability

Summary An exploitable unauthenticated file write vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted sequence of UMAS commands can cause the device to overwrite...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.03808
Exploits: 1

NVD
added 2019/06/03 6:29 p.m. | 24 views

CVE-2019-6737

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.03823
Exploits: 0 | References: 2

Prion
added 2019/06/03 6:29 p.m. | 19 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.03823
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/03 6:07 p.m. | 23 views

CVE-2019-6737

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.03823
Exploits: 0 | References: 2

CVE
added 2019/06/03 6:07 p.m. | 68 views

CVE-2019-6737

CVE-2019-6737 affects Bitdefender SafePay 23.0.10.34. The root cause is improper handling of the TIScript openFile method, enabling an attacker-controlled arbitrary file write and remote code execution, with user interaction required (visiting a malicious page or opening a malicious file). Docume...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.03823
Exploits: 0 | References: 2 | Affected Software: 1

Hacker One
added 2019/05/25 11:25 p.m. | 67 views

Valve: [CS 1.6] Map cycle abuse allows arbitrary file read/write

The CS 1.6 server has a feature of map cycle - i.e. automatic map change after specified period of time. This feature relies on data of the file specified in mapcyclefile cvar. Any user with RCON access to the server can set this variable to arbitrary value - no input sanitization applies. In ord...

AI score: 0.3
Exploits: 0

Prion
added 2019/05/23 2:29 p.m. | 18 views

Command injection

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution as root, starting from a low-privilege user session vulnerability. The cgi-bin/webfilemgr.cgi file allows arbitrary file write by...

CVSS: 9 | AI score: 9.1 | EPSS: 0.03052
Exploits: 1 | References: 3 | Affected Software: 9

Cvelist
added 2019/05/23 1:22 p.m. | 30 views

CVE-2019-9949

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution as root, starting from a low-privilege user session vulnerability. The cgi-bin/webfilemgr.cgi file allows arbitrary file write by...

AI score: 9.1 | EPSS: 0.03052
Exploits: 1 | References: 3

Hacker One
added 2019/05/17 3:05 a.m. | 19 views

Valve: Arbitrary File Write as SYSTEM from unprivileged user

Note: This report was reviewed and updated after a correction to program scope. Vulnerability ======== The Steam Client installs a "Steam Client Service" that runs as SYSTEM to update the steam application. This service executes from C:\Program Files x86\Common\Steam where permissions are properl...

AI score: 0.7
Exploits: 0

Veracode
added 2019/05/16 2:52 a.m. | 27 views

Arbitrary File Write

pcs is vulnerable to arbitrary file write attacks. An authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process via malicious REST calls...

CVSS: 8.7 | AI score: 6.7 | EPSS: 0.01101
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2019/05/15 12:52 a.m. | 22 views

Arbitrary File Write

github.com/mholt/archiver is vulnerable to arbitrary file write attacks. The vulnerability exists as the library does not properly sanitize the destination filepath when extracting archived files, allowing a malicious user to extract files to an arbitrary filepath and overwrite files...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.06496
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2019/05/14 4:00 a.m. | 32 views

Improper Input Validation in Apache Archiva

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file...

CVSS: 6.5 | AI score: 3.6 | EPSS: 0.04872
Exploits: 1 | References: 11 | Affected Software: 1

Snyk
added 2019/05/13 7:35 a.m. | 1 view

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/mholt/archiver/cmd/arc is a cross-platform, multi-format archive utility and Go library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the Unarchive functions. Details It is exploited using a specially crafted zip...

CVSS: 5.8 | AI score: 7.8 | EPSS: 0.06496
Exploits: 1 | References: 2

Snyk
added 2019/05/13 7:35 a.m. | 1 view

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/mholt/archiver/v3/cmd/arc is a cross-platform, multi-format archive utility and Go library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the Unarchive functions. Details It is exploited using a specially crafted z...

CVSS: 5.8 | AI score: 7.8 | EPSS: 0.06496
Exploits: 1 | References: 2

CNVD
added 2019/05/09 12:00 a.m. | 2 views

Command Execution Vulnerability in Doccms 2016

DocCMS rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. A code execution vulnerability...

AI score: 8.1
Exploits: 0