111 matches found
CVE-2022-22679
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in support service management in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors...
CVE-2021-29087
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors...
PT-2021-16588 · Unknown · Telephonyui
Name of the Vulnerable Software and Affected Versions: TelephonyUI versions prior to SMR MAY-2021 Release 1 Description: The issue is related to improper access control in TelephonyUI, allowing local attackers to write arbitrary files of the telephony process via untrusted applications. This can ...
Ubuntu Apport 后置链接漏洞
Apport is a toolkit for collecting and giving feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can...
Ubuntu Apport 后置链接漏洞
Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. A security vulnerability exists in Ubuntu Apport that stems from the incorrect handling of certain information gathering operations, which can be exploited by an attacker who...
USN-4965-1 apport vulnerabilities
Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these issues to read and write arbitrary files as an administrator, and possibly escalate privileges...
CVE-2021-1306
A vulnerability in the restricted shell of Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE, and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...
Input validation
A vulnerability in the restricted shell of Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE, and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...
CVE-2021-25361
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications...
CVE-2021-1385
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...
Umbraco 路径遍历漏洞
Umbraco is an open source content management system CMS based on ASP.NET technology. A path traversal vulnerability exists in Umbraco 8.9.1 and earlier versions during package installation. An attacker can use this vulnerability to write arbitrary files outside of the site home directory and...
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
VulnCheck KEV: CVE-2021-25337
Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...
The numerous vulnerabilities in the API interface of the WADashboard component of the Advantech WebAccess software allow a perpetrator to write or overwrite any files in the file system.
The multiple vulnerabilities of the API interface of the WADashboard component in the Advantech WebAccess remote monitoring software are related to deficiencies in path validation before its use in file operations. Exploiting these vulnerabilities could allow a malicious actor to read arbitrary...
The vulnerability of the Cisco RoomOS operating system, related to permission handling errors, allows a intruder to write arbitrary files to the device’s file system.
The vulnerability of the Cisco RoomOS operating system is related to permission handling errors. Exploiting this vulnerability allows an attacker to write arbitrary files to the device’s file system with root privileges...
CVE-2019-1765
A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level...
Directory traversal
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...
CVE-2018-1000544
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to write arbitrary files and execute arbitrary code.
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform is related to the improper processing of the Opcode 10010 request. Exploiting this vulnerability allows a remote attacker to write arbitrary files and execute arbitrary code...
CVE-2017-15894
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager DSM 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the destfolderpath parameter...