Nitro Pro PDF - Multiple Vulnerabilities
Vulnerabilities Summary: The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF. Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you change PDF documents with ease, and comes wit...
Multiple Vulnerabilities in JeeCMS v8.1 Template Management Function
JeeCMS v8.1 is a website group management system that combines PC Internet, mobile Internet and WeChat websites in one. The JeeCMS v8.1 template management function has file write, arbitrary file naming and arbitrary file creation vulnerabilities. An attacker can exploit the...
CVE-2017-8033: Cloud Controller API filesystem traversal vulnerability | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Versions Affected: CAPI-release versions prior to v1.35.0; cf-release versions prior to v268. Description: A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
CVE-2017-11361
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key...
Vlcms latest version has a file write vulnerability in the frontend
Vlcms is a management system developed by the Xigu software team based on the OneThink framework to solve the promotion of handicraft. The latest version of Vlcms has a front-end file write vulnerability, located in /Application/Callback/Controller/BaseController.class.php,...
Design/Logic Flaw
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked...
FineCMS Arbitrary File Write Vulnerability
FineCMS is an efficient and simple content management system for small and medium-sized sites, developed on the PHP+MySql+CI framework for multiple terminals, including PC-side web pages and mobile web pages. It supports customized content models and member models, and can be customized fields, can be...
Code execution vulnerability in ThinkerCMS InputController.class.php
ThinkerPHP is a rapid development system based on thinkphp3.2, offering an excellent user experience, efficient development, and an easy start. ThinkerCMS is ThinkerPHP's content management system dedicated to small websites. A code execution vulnerabilit...
Puppet mcollective-sshkey-security plugin public key override vulnerability
Puppet is a centralized configuration management system for Linux, Unix, and Windows platforms. Using its own Puppet description language, you can manage configuration files, users, cron tasks, packages, system services and so on. A security vulnerability exists in the puppet...
CVE-2017-2298
The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...
Path traversal
The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "pub.pem"...
UBUNTU-CVE-2015-8697
stalin 0.11-5 allows local users to write to arbitrary files...
CVE-2015-8697
stalin 0.11-5 allows local users to write to arbitrary files...
DEBIAN-CVE-2015-8697
stalin 0.11-5 allows local users to write to arbitrary files...
CVE-2015-8697
CVE-2015-8697 affects the stalin package, version 0.11-5. The available connected documents confirm that local users can write to arbitrary files due to this vulnerability. The provided material does not include root cause details, specific patches, or remediation steps. No exploit status or in-t...
CVE-2014-8149
The CVE-2014-8149 entry affects OpenDaylight Defense4All, specifically versions 1.1.0 and earlier. The vulnerability allows remote authenticated users to write report data to arbitrary files, indicating an improper access control/unauthorized file write flaw. The available sources confirm the imp...
ourphp ourphp_filebox.php write any file vulnerability in frontend
OURPHP is a W3C-standard website building system developed on PHP+MySQL. In ourphp v1.7.3, ourphp_filebox.php has an arbitrary file write vulnerability in the frontend because the program fails to effectively check the data submitted by visitors. Attackers use the vulnerability by writing Trojan...
HPE Intelligent Management Center dbman FileTrans Arbitrary File Write (CVE-2017-5822)
An arbitrary file write vulnerability has been reported in the dbman component of HPE Intelligent Management Center. The vulnerability is due to lack of authentication on FileTrans commands, used to transfer files to the host running dbman. A remote, unauthenticated attacker can exploit the...
Path traversal
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a...