7215 matches found
Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write; Vendor: Automated Logic Corporation; Product web page: http://www.automatedlogic.com; Affected version: ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; ALC WebCTRL,...
Cisco ASR 5000 Series Aggregated Services Routers StarOS Arbitrary File Write Vulnerability
Cisco ASR 5000 Series Aggregated Services Routers are the ASR 5000 Series Aggregated Services Router products from Cisco. StarOS is the set of operating systems that run on them. An arbitrary file write vulnerability exists in StarOS in Cisco ASR 5000 Series Aggregated Services Routers version...
Cisco Prime Collaboration Provisioning Tool Arbitrary File Write Vulnerability
Cisco Prime Collaboration Provisioning Tool is a set of Web-based, next-generation communications services tools from Cisco. The tool provides IP communication services capabilities for IP telephony, voice mail, and unified communications environments. upgradeManager is one of the upgrade manager...
OpenStack DBaaS Configuration File Write Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. in the U.S. OpenStack DBaaS is one of the database service tools. A security vulnerability exists in OpenStack DBaaS (aka Trove) in versions prior to OpenStack...
Exploit for Open Redirect in Git-Scm Git
PoC exploit for CVE-2017-1000117, a vulnerability in the way Git handles submodule initialization. The target is Git, the vulnerability class/vector is arbitrary file write, the probable entry point is the Git submodule initialization process, the notable dependency is Git, and the execution context is a Git...
UBUNTU-CVE-2015-3156
The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...
OurPHP front Desk arbitrary file write
No description provided by source...
Synology Photo Station Directory Traversal Vulnerability (CNVD-2017-27714)
Synology Photo Station is an online photo album and blog owned and managed by DSM users. A directory traversal vulnerability exists in PixlrEditorHandler.php in Synology Photo Station, which can be exploited by remote attackers to write arbitrary files via path parameters...
CVE-2017-11152
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter...
File upload vulnerability in SchoolCMS backend SiteController.class.php
SchoolCMS is a school teaching management system based on PHP+MySQL. A file upload vulnerability exists in the SchoolCMS backend SiteController.class.php, due to the system Upload function not effectively filtering user-submitted data. A remote attacker can arbitrarily write files to gain web...
CVE-2017-6759
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
File upload vulnerability in SchoolCMS backend ThemeController.class.php
SchoolCMS is an open source faculty management system. In SchoolCMS v2.3.1, the Upload function in ThemeController.class.php and SiteController.class.php has a file upload vulnerability; remote attackers can use the theme function in the backend to perform arbitrary file write operations to obta...
Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco DPC3939 Firmware Arbitrary File Write Vulnerability
Cisco DPC3939 is a wireless voice gateway product from Cisco USA. A security vulnerability exists in the Cisco DPC3939 firmware. It allows a remote attacker to write arbitrary data to a known /var/tmp/sess path by exploiting the operation of the UI exploit mode device...
CVE-2017-11459
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592...
Pivotal Software Cloud Foundry cf-release and CAPI-release path traversal vulnerabilities
Pivotal Software Cloud Foundry (CF) is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other capabilities. cf-release and...
CVE-2015-7703
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration...
DEBIAN-CVE-2015-7703
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration...