Lucene search
K

164 matches found

BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.9 views

The vulnerability of the Jenkins CLIF Performance Testing Plugin lies in the incorrect path limitation for the restricted access directory, allowing attackers to create or replace any files in the file system.

The vulnerability of the Jenkins CLIF Performance Testing Plugin is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to create or replace any files in the file system remotely...

6.8CVSS6.5AI score0.00674EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/04 12:29 a.m.24 views

Apache Struts's ParameterInterceptor component does not prevent access to public constructors

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

6.4CVSS6.9AI score0.38261EPSS
Exploits1References10Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.7 views

The vulnerability of the libxslt library in the PHP programming language allows attackers to create arbitrary files.

The vulnerability of the libxslt library in the PHP programming language is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to create arbitrary files remotely...

6.4CVSS7.5AI score0.0315EPSS
Exploits2References22Affected Software4
BDU FSTEC
BDU FSTEC
added 2021/12/20 12:0 a.m.5 views

The vulnerability of the Jenkins automation server, related to incorrect authentication procedures, allows attackers to create arbitrary files.

The vulnerability of the Jenkins automation server is related to an incorrect authentication process. Exploiting this vulnerability allows a malicious actor to remotely create arbitrary files...

10CVSS7.8AI score0.01505EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/12/17 12:0 a.m.5 views

The vulnerability of the ZipArchive::extractTo function in the PHP interpreter allows a attacker to create or overwrite files.

The vulnerability of the ZipArchive::extractTo function in the PHP interpreter exists due to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to create or re-record files remotely...

7.1CVSS6.8AI score0.01337EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/10/13 12:0 a.m.7 views

The vulnerability of the Moxa MXView network control software lies in its lack of functionality for checking the path name of the restricted access directory. This allows attackers to create or re-record arbitrary files.

The vulnerability of the Moxa MXView network control software is related to deficiencies in checking the path name of the restricted access catalog. Exploiting this vulnerability allows a malicious actor to create or re-record arbitrary files remotely...

7.8CVSS8.1AI score0.01551EPSS
Exploits0References6Affected Software1
Talos
Talos
added 2021/06/02 12:0 a.m.221 views

Apple macOS SMB server create file request uninitialized memory disclosure

Summary A use of uninitialized data vulnerability exists in the SMB Server Apple macOS 11.2. A specially crafted SMB packet can cause uninitialized data to end up in server reply which can leak sensitive information. This vulnerability can be triggered by sending a malicious packet to the...

5.9CVSS7.2AI score0.01641EPSS
Exploits0
OSV
OSV
added 2021/05/13 12:31 p.m.6 views

USN-4932-2 python-django vulnerability

USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwri...

7.5CVSS7.2AI score0.05291EPSS
Exploits0References2
CNVD
CNVD
added 2020/04/01 12:0 a.m.2 views

IBM Spectrum Protect Plus Path Traversal Vulnerability (CNVD-2020-20703)

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A path traversal vulnerability exists in IB...

6.5CVSS6.7AI score0.01919EPSS
Exploits0References1
OSV
OSV
added 2018/10/31 7:29 p.m.1 views

DEBIAN-CVE-2018-14654

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...

6.5CVSS6.8AI score0.0263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/10/31 12:0 a.m.10 views

PT-2018-12645 · Red Hat +1 · Gluster +1

Name of the Vulnerable Software and Affected Versions: Gluster file system versions through 4.1.4 Description: The issue allows a remote attacker with access to mount volumes to exploit the GF XATTROP ENTRY IN KEY xattrop, creating arbitrary, empty files on the target server via abuse of the...

8.8CVSS6.6AI score0.05374EPSS
Exploits1References71
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/13 7:48 a.m.1 views

WebProxy vulnerable to directory traversal

Overview WebProxy provided by LunarNight Laboratory is software for creating a proxy server. WebProxy contains a directory traversal vulnerability CWE-22 due to a flaw in processing certain requests. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held...

7.5CVSS7AI score0.02344EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2015/08/02 12:0 a.m.8 views

GNU wget FTP Remote File Creation (CVE-2014-4877)

An input validation error exists in wget. The vulnerability can occur when wget retrieves files or directories over FTP that are or that contain symlinks. A remote attacker can exploit this vulnerability by creating a crafted FTP directory listing on a server and enticing a user to open the FTP...

9.3CVSS2.4AI score0.39883EPSS
Exploits4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/12 5:12 a.m.2 views

BloBee vulnerable to arbitrary file creation

Overview BloBee provided by CGI RESCUE is a bulletin board software. BloBee contains a vulnerability that may allow a remote attacker to create arbitrary files CWE-20. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

7.5CVSS7.2AI score0.02673EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/03 5:59 a.m.1 views

"Open Explorer Beta" App for Android vulnerable to directory traversal

Overview "Open Explorer Beta" App for Android provided by brandroid.org contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

6.4CVSS6.9AI score0.01883EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/17 5:21 a.m.3 views

C-BOARD Moyuku vulnerable to arbitrary file creation

Overview C-BOARD Moyuku is a bulletin board software. C-BOARD Moyuku contains a vulnerability that may allow a remote attacker to create arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

7.5CVSS7.6AI score0.02673EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2014/07/16 12:0 a.m.18 views

CA ERwin Web Portal ConfigServiceProvider Remote File Creation (CVE-2014-2210)

A remote file creation/overwrite vulnerability exists in CA ERwin Web Portal. This vulnerability is due to lack of authentication and insufficient input validation in the ConfigServiceProvider servlet when processing HTTP requests. By sending crafted HTTP requests to the target system, a remote...

2.2AI score0.05289EPSS
Exploits1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Samba 2.0.x/2.2 - Remote Arbitrary File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2928/info Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.42 views

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite PoC

No description provided by source. !-- Quest Toad for Oracle Explain Plan Display ActiveX Control QExplain2.dll 6.6.1.1115 Remote File Creation / Overwrite vendor site: http://www.quest.com/ file tested: QuestToad-Development-Suite-for-Oracle110R2.exe CLSID: F7014877-6F5A-4019-A3B2-74077F2AE126...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.32 views

KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY)

No description provided by source. !-- KingView ActiveX Control KChartXY Remote File Creation / Overwrite Vendor: http://www.wellintech.com Version: KingView 6.53 Tested on: Windows XP SP3 / IE Download: http://www.wellintech.com/documents/KingView6.53EN.zip Author: Blake CLSID:...

7.1AI score
Exploits0
Rows per page
Query Builder