27 matches found
CVE-2022-30244
Honeywell Alerton Ascent Control Module ACM through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program...
CVE-2021-3466
A flaw was found in libmicrohttpd. A missing bounds check in the postprocessurlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and...
CVE-2019-19731
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...
UBUNTU-CVE-2014-9983
Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive...
DEBIAN-CVE-2005-1229
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. dot dot in a cpio file...
DEBIAN-CVE-2005-1228
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. dot dot in the original filename within a compressed file...
security flaw
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...