164 matches found
The vulnerability of the Jenkins CLIF Performance Testing Plugin lies in the incorrect path limitation for the restricted access directory, allowing attackers to create or replace any files in the file system.
The vulnerability of the Jenkins CLIF Performance Testing Plugin is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to create or replace any files in the file system remotely...
Apache Struts's ParameterInterceptor component does not prevent access to public constructors
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...
The vulnerability of the libxslt library in the PHP programming language allows attackers to create arbitrary files.
The vulnerability of the libxslt library in the PHP programming language is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to create arbitrary files remotely...
The vulnerability of the Jenkins automation server, related to incorrect authentication procedures, allows attackers to create arbitrary files.
The vulnerability of the Jenkins automation server is related to an incorrect authentication process. Exploiting this vulnerability allows a malicious actor to remotely create arbitrary files...
The vulnerability of the ZipArchive::extractTo function in the PHP interpreter allows a attacker to create or overwrite files.
The vulnerability of the ZipArchive::extractTo function in the PHP interpreter exists due to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to create or re-record files remotely...
The vulnerability of the Moxa MXView network control software lies in its lack of functionality for checking the path name of the restricted access directory. This allows attackers to create or re-record arbitrary files.
The vulnerability of the Moxa MXView network control software is related to deficiencies in checking the path name of the restricted access catalog. Exploiting this vulnerability allows a malicious actor to create or re-record arbitrary files remotely...
Apple macOS SMB server create file request uninitialized memory disclosure
Summary A use of uninitialized data vulnerability exists in the SMB Server Apple macOS 11.2. A specially crafted SMB packet can cause uninitialized data to end up in server reply which can leak sensitive information. This vulnerability can be triggered by sending a malicious packet to the...
USN-4932-2 python-django vulnerability
USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwri...
IBM Spectrum Protect Plus Path Traversal Vulnerability (CNVD-2020-20703)
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A path traversal vulnerability exists in IB...
DEBIAN-CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
PT-2018-12645 · Red Hat +1 · Gluster +1
Name of the Vulnerable Software and Affected Versions: Gluster file system versions through 4.1.4 Description: The issue allows a remote attacker with access to mount volumes to exploit the GF XATTROP ENTRY IN KEY xattrop, creating arbitrary, empty files on the target server via abuse of the...
WebProxy vulnerable to directory traversal
Overview WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held...
GNU wget FTP Remote File Creation (CVE-2014-4877)
An input validation error exists in wget. The vulnerability can occur when wget retrieves files or directories over FTP that are or that contain symlinks. A remote attacker can exploit this vulnerability by creating a crafted FTP directory listing on a server and enticing a user to open the FTP...
BloBee vulnerable to arbitrary file creation
Overview BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
"Open Explorer Beta" App for Android vulnerable to directory traversal
Overview "Open Explorer Beta" App for Android provided by brandroid.org contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with t...
C-BOARD Moyuku vulnerable to arbitrary file creation
Overview C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a vulnerability that may allow a remote attacker to create arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
CA ERwin Web Portal ConfigServiceProvider Remote File Creation (CVE-2014-2210)
A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote...
Samba 2.0.x/2.2 - Remote Arbitrary File Creation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2928/info Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft...
Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite PoC
No description provided by source. !-- Quest Toad for Oracle Explain Plan Display ActiveX Control QExplain2.dll 6.6.1.1115 Remote File Creation / Overwrite vendor site: http://www.quest.com/ file tested: QuestToad-Development-Suite-for-Oracle110R2.exe CLSID: F7014877-6F5A-4019-A3B2-74077F2AE126...
KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY)
No description provided by source. !-- KingView ActiveX Control KChartXY Remote File Creation / Overwrite Vendor: http://www.wellintech.com Version: KingView 6.53 Tested on: Windows XP SP3 / IE Download: http://www.wellintech.com/documents/KingView6.53EN.zip Author: Blake CLSID:...