194 matches found
SUSE CVE-2016-10173
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. dot dot in a TAR archive entry...
Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.c Vulnerability: Remote File Write Code Execution Description: The...
rsync: remote arbitrary files write inside the directories of connecting peers
A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...
CVE-2022-36990
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...
CVE-2022-36990
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...
Veritas NetBackup 安全漏洞
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...
PT-2022-23735 · Veritas · Veritas Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions 8.1.x through 8.1.2 Veritas NetBackup version 8.2 Veritas NetBackup versions 8.3.x through 8.3.0.2 Veritas NetBackup versions 9.x through 9.0.0.1 Veritas NetBackup versions 9.1.x through 9.1.0.1 Description: An issu...
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
Backdoor.Win32.Augudor.a Remote File Write / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/bf1b1a2f4be78d6b62ed7c316c77a9a1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.a Vulnerability: Unauthenticated Remote File Write - RCE Description: Augudor...
The vulnerability in the web interface of the software system for monitoring and managing Cisco Prime Infrastructure network equipment, as well as the Cisco Evolved Programmable Network Manager software for managing network services, allows a perpetrator to write arbitrary files.
The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software relates to deficiencies in path name checking for access-limited directories. Exploiting this vulnerability could allow a malicious actor to...
The vulnerability of the Adobe Connect instant messaging program, related to the,。
The vulnerability of the Adobe Connect instant messaging program relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to remotely write arbitrary files to the device’s file system...
CVE-2021-42775
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In...
CVE-2021-25450
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket...
apache-flink: directory traversal attack allows remote file writing through the REST API
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
CVE-2021-36942
Windows LSA Spoofing Vulnerability Recent assessments: jbaines-r7 at January 25, 2022 4:35pm UTC reported: Recently, I was attempting to combine James Forshaw’s remote EFSRPC file write “bug” with a local privilege escalation that I’d discovered. I was getting strange results. Working on one...
apache-flink: directory traversal attack allows remote file writing through the REST API
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...
Backdoor.Win32.Zaratustra Remote File Write / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zaratustra Vulnerability: Unauthenticated Remote File Write Remote Code Exec...
Vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are caused by privilege management errors, allowing attackers to write arbitrary files to the device’s file system.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are due to privilege management errors. Exploiting these vulnerabilities can allow an attacker to remotely write arbitrary files...
USN-4769-1 salt vulnerabilities
It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3563 Andreas Stieger discovered that Salt...
CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)
Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function." This vulnerability CVE-2021-22652 has a CVSSv3 score of 9.8, which is usually CRITICAL, since it effectively allows anyone who can connect to the iView server to run...