7215 matches found
CVE-2015-8275
The CVE-2015-8275 entry covers LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01, where an attacker can write arbitrary files via specially crafted EDOC files. Contemporary connected records confirm an arbitrary file write vulnerability exists in LVRTC eParakstitajs 3/edoc-libraries, wi...
Quest Privilege Manager 6.0.0 - Arbitrary File Write
Quest Privilege Manager 6.0.0 - Arbitrary File Write !/usr/bin/env python2 """ Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write Date: 10/Mar/2017 Exploit Author: m0t Vendor Homepage: https://www.quest.com/products/privilege-manager-for-unix/ Version: 6.0.0-27, 6.0.0-50 Tested...
Quest Privilege Manager 6.0.0 - Arbitrary File Write
!/usr/bin/env python2 """ Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write Date: 10/Mar/2017 Exploit Author: m0t Vendor Homepage: https://www.quest.com/products/privilege-manager-for-unix/ Version: 6.0.0-27, 6.0.0-50 Tested on: ubuntu 14.04 x8664, ubuntu 16.04 x86, ubuntu 12....
MGASA-2017-0101 Updated munin packages fix security vulnerability
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process...
Updated munin packages fix security vulnerability
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process...
WordPress Chat-Room Plugin Has Multiple Vulnerabilities
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up a personal blog site.Chat-Room is one of the chat room plug-ins. A directory traversal and arbitrary file write vulnerability exists i...
WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write Date: 2017-03-08 Exploit Author: malwrforensics Vendor Homepage: https://webdevstudios.com/ Software Link: https://wordpress.org/plugins/chat-room/...
Design_edittheme2.php Arbitrary File Write Vulnerability in Ohoo Government System
Ohuhu government system is the government portal system of Shanghai Ohuhu Network Technology Co. An arbitrary file write vulnerability exists in the designedittheme2.php file of the Ohuhu government system. This vulnerability allows attackers to write arbitrary files and gain server privileges...
ohocms design_edittheme2. php file write vulnerability
No description provided by source...
Design/Logic Flaw
Portable UPnP SDK aka libupnp before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler...
CVE-2016-6255
Portable UPnP SDK aka libupnp before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler...
Security update for munin (important)
This update for munin fixes the following issues: - An attacker has been able to write arbitrary local files with the permissions of the web server, by using parameter injection boo1026539, CVE-2017-6188 - The MySQL plugin has been fixed to work correctly against MySQL 5.5 on Leap 42.1...
Bull / IBM AIX Clusterwatch / Watchware File Write / Command Injection
Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries and we have found three vulnerabilities in it: Trivial admin...
BullIBM AIX ClusterwatchWatchware - Multiple Vulnerabilities
BullIBM AIX ClusterwatchWatchware - Multiple Vulnerabilities Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries...
Bull/IBM AIX Clusterwatch/Watchware - Multiple Vulnerabilities
Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries and we have found three vulnerabilities in it: Trivial admin...
CWCMS background admin/cw_skin.php page has arbitrary file write vulnerability
CWCMS is an enterprise website management system. An arbitrary file write vulnerability exists in the admin/cwskin.php page of the CwCMS-PHP enterprise website management system, allowing attackers to write arbitrary executable files and gain server privileges...
[SECURITY] [DSA 3794-3] munin regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3794-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 03, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3794-3] munin regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3794-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 03, 2017 https://www.debian.org/security/faq -...
Rapid7 Metasploit Directory Traversal Vulnerability (CNVD-2017-02665)
Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter stdapi Dir.download function in versions of Rapid7 Metasploit prior to 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the Metasploit...
CVE-2017-5228
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the...