Devscripts Arbitrary File Write Vulnerability
Debian is a free operating system developed and maintained by the Debian Project. devscripts is a collection of system maintenance scripts. A security vulnerability exists in versions of devscripts prior to 2.15.7. The vulnerability can be exploited by remote attackers to overwrite arbitrary file...
DEBIAN-CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename...
CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename...
Arbitrary file write vulnerability in MetInfo version 5.3.18 physical.php
MetInfo is a content management system (CMS) developed using PHP and MySQL. An arbitrary file write vulnerability exists in physical.php in MetInfo version 5.3.18. An attacker can exploit the CSRF vulnerability to remotely write arbitrary content and gain server privileges...
Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially...
PHPCMS V9.6.3 CSRF Vulnerability and Arbitrary File Write Vulnerability in the Backend
PHPCMS is a web content management system based on PHP and MySQL. The backend of PHPCMS V9.6.3 contains a CSRF vulnerability and an arbitrary file write vulnerability. Attackers can use this vulnerability to remotely write Trojan horse files to obtain web server administrative...
Aruba Networks ClearPass Policy Manager Arbitrary File Write Vulnerability
Aruba Networks ClearPass Policy Manager (CPPM) is a BYOD (Bring Your Own Device) network access control policy enforcement platform from Aruba Networks. A security vulnerability exists in Aruba Networks CPPM versions prior to 6.4.7 and 6.5.x versions prior to 6.5.2. A remote attacker could exploit th...
CVE-2015-3653
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking...
XYHCMS \App\Runtime\Data\config\site.php page has an arbitrary file write vulnerability
Xing Yunhai CMS (XYHcms) is a completely open source content management system. The \App\Runtime\Data\config\site.php page in XYHCMS has an arbitrary file write vulnerability. Attackers can use this vulnerability to obtain server privileges by writing a webshell...
CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...
CVE-2015-5700
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack...
Foxit Reader PDF Arbitrary File Write Remote Code Execution (CVE-2017-10952)
A remote code execution vulnerability has been reported in Foxit Reader. The vulnerability is due to improper data validation, which could lead to writing files. A remote attacker could exploit this vulnerability by enticing a user to click a maliciously crafted file. Successful exploitation could le...
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, SiteScan Web 6.1 and prior ALC WebCTRL, i-Vu 6.0 and prior ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior ALC WebCTRL,...
LvyeCms CustompageController.class.php file has a logical design flaw
LvyeCms (旅烨cms) is a PHP content management system based on ThinkPHP. A logical design vulnerability exists in the LvyeCms CustompageController.class.php file. An attacker can exploit the vulnerability to write, modify, or delete any file in the system...
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write Vulnerability
Automated Logic WebCTRL version 6.1 suffers from path traversal and arbitrary file write vulnerabilities. Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, SiteScan Web...
CVE-2017-12843
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command...
Foxit to Fix PDF Reader Zero Days by Friday
In an about-face, Foxit Software says it will fix a pair of zero days in its PDF reader Foxit Reader and PhantomPDF, its PDF editing software. Foxit said it would push a patch for Reader and PhantomPDF, bringing the software to version 8.3.2, later this week—by Friday at the latest. The fixes com...
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, SiteScan Web 6.1 and prior ALC WebCTRL, i-Vu 6.0 and...