7215 matches found
CVE-2017-1000169
QuickerBB version = 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB...
CVE-2017-1000125
Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...
CVE-2017-1000125
CVE-2017-1000125 affects Codiad. The vulnerability arises because full-version Codiad allows writing arbitrary data to its installation configuration file, enabling an attacker to upload a webshell. The issue is described consistently across sources as a file upload/configuration write flaw leadi...
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
Description The vulnerability is triggered by an authenticated user that can use the manualcommand console in the management panel of the affected application. The ManualCommand function in ManualCommand.js allows users to perform additional diagnostics and settings overview by using pre-defined...
CVE-2017-16780
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file...
VMware AirWatch Console Security Bypass Vulnerability
VMware AirWatch is a console application for the VMware AirWatch Console, a suite of enterprise mobility management solutions from VMware. A security bypass vulnerability exists in VMware AirWatch Console version 9.x prior to 9.2.0. A remote attacker could exploit the vulnerability to write...
mybb -- multiple vulnerabilities
myBB Team reports: High risk: Installer RCE on configuration file write High risk: Language file headers RCE Medium risk: Installer XSS Medium risk: Mod CP Edit Profile XSS Low risk: Insufficient moderator permission check in delayed moderation tools Low risk: Announcements HTML filter bypass Low...
Samba Arbitrary File Write Vulnerability
Samba is free software that allows UNIX operating systems to link with the SMB/CIFS network protocol of the Microsoft Windows operating system. A security vulnerability exists in Samba that allows remote attackers to exploit the vulnerability to submit special requests to arbitrarily write or...
GHSA-GFJR-3JMM-4G9V Symlink Arbitrary File Overwrite in tar
Versions of tar prior to 2.0.0 are affected by an arbitrary file write vulnerability. The vulnerability occurs because tar does not verify that extracted symbolic links to not resolve to targets outside of the extraction root directory. Recommendation Update to version 2.0.0 or later...
Symlink Arbitrary File Overwrite in tar
Versions of tar prior to 2.0.0 are affected by an arbitrary file write vulnerability. The vulnerability occurs because tar does not verify that extracted symbolic links to not resolve to targets outside of the extraction root directory. Recommendation Update to version 2.0.0 or later...
Arbitrary File Write Access in Puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
Squid Analysis Report Generator 2.3.10 - Remote Code Execution Exploit Title: RCE/Arbitrary file write in Squid Analysis Report Generator SARG Google Dork: inurl:sarg-php Date: 01 September 2017 Exploit Author: Pavel Suprunyuk Vendor Homepage: https://sourceforge.net/projects/sarg/ Software Link:...
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
Exploit Title: RCE/Arbitrary file write in Squid Analysis Report Generator SARG Google Dork: inurl:sarg-php Date: 01 September 2017 Exploit Author: Pavel Suprunyuk Vendor Homepage: https://sourceforge.net/projects/sarg/ Software Link: https://sourceforge.net/projects/sarg/ Version: Tested on...
Munin: Arbitrary file write
Background Munin is an open source server monitoring tool. Description When Munin is compiled with CGI graphics enabled then the files accessible to the www-data user can be overwritten. Impact A local attacker, by setting multiple upperlimit GET parameters, could overwrite files accessible to th...
IBM Open Admin Tool SOAP welcomeServer PHP Command Injection
Added: 09/27/2017 CVE: CVE-2017-1092 BID: 98615 Background IBM Informix Dynamic Server IDS is an online transaction processing OLTP data server for enterprise and workgroup computing. Open Admin Tool OAT is an open source, platform-independent tool providing a graphical interface for administrati...
sam2p file write vulnerability
sam2p is a UNIX command line utility program written in C++ that converts images to PDF and other formats. A file write vulnerability exists in sam2p version 0.49.3. An attacker can exploit this vulnerability to write to an illegal address...
Cloudview NMS 2.00b Writable Directory Traversal Execution
require 'msf/core' class MetasploitModule "Cloudview NMS 2.00b Writable Directory Traversal Execution", 'Description' = %q This module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary...
Mako Server SSRF / Disclosure / Code Execution
SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt + ISR: ApparitionSec...
CVE-2015-4523
The CVE-2015-4523 issue affects the Blue Coat Malware Analysis Appliance (MAA) and Malware Analyzer G2. A vulnerability allows a VM-escaped sample to bypass VM protections and write to the host file system, potentially overwriting files and causing a reboot or factory reset; in some cases it coul...
Arbitrary File Write Vulnerability in KODExplorer v4.06 Frontend
KodExplorer Kodo Cloud formerly Mango Cloud is a private cloud and online file management system based on Web technology developed by Shanghai Daimu Networks Co., Ltd. and is committed to providing users with secure and controllable, reliable and easy-to-use, highly scalable private cloud...