Lucene search
+L

5495 matches found

Prion
Prion
added 2019/02/25 6:29 a.m.12 views

Path traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths0 path traversal mitigation bypass, through the createfile action in execute.php...

5CVSS7.6AI score0.04988EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/02/25 6:0 a.m.52 views

CVE-2018-20793

The CVE-2018-20793 entry concerns tecrail Responsive FileManager version 9.13.4. A path traversal mitigation bypass in the create_file action of execute.php allows remote attackers to write arbitrary files, due to improper handling of paths[0]. This is a remote, unauthenticated vulnerability with...

7.5CVSS7.5AI score0.04988EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/02/20 3:29 a.m.3 views

UBUNTU-CVE-2019-8943

WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...

6.5CVSS7AI score0.91985EPSS
Exploits9References3
OSV
OSV
added 2019/02/18 11:40 p.m.32 views

GHSA-6CPC-MJ5C-M9RQ Arbitrary File Write in cli

Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...

4.9CVSS4AI score0.00992EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2019/02/18 11:40 p.m.42 views

Arbitrary File Write in cli

Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...

4.9CVSS3.8AI score0.00992EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2019/02/17 6:29 p.m.12 views

Design/Logic Flaw

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...

5.5CVSS6.4AI score0.0145EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/02/17 6:29 p.m.5 views

CVE-2019-8407

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...

6.5CVSS6.7AI score0.0145EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/02/17 6:0 p.m.19 views

CVE-2019-8407

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...

6.5AI score0.0145EPSS
Exploits1References1
Hacker One
Hacker One
added 2019/02/07 4:9 p.m.39 views

Internet Bug Bounty: [bower] Arbitrary File Write through improper validation of symlinks while package extraction

Hi, I want to submit my report https://hackerone.com/reports/473811 for the Internet Bug Bounty. Snyk's writeup: https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction My assessment on why this report might be eligible: To qualify, vulnerabilities must meet the...

5CVSS7.8AI score0.02566EPSS
Exploits1
Node.js
Node.js
added 2019/01/30 12:22 a.m.21 views

Symlink Arbitrary File Overwrite

Overview Versions of bower prior to 1.8.8 are affected by an arbitrary file write vulnerability. The vulnerability occurs because bower does not verify that extracted symbolic links do not resolve to targets outside of the extraction root directory. Recommendation Update to version 1.8.8 or later...

7AI score
Exploits0Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2019/01/29 12:0 a.m.33 views

Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...

8.8CVSS2.3AI score0.03823EPSS
Exploits0
Veracode
Veracode
added 2019/01/25 1:35 a.m.15 views

Arbitrary File Write

bower is vulnerable to arbitrary file write attacks. The vulnerability exists as it fails to restrict extracting files that are referencing symbolic links, allowing arbitrary files to be written during decompression...

7.5CVSS7.6AI score0.02566EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2019/01/24 11:37 a.m.4 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview bower offers a generic, unopinionated solution to the problem of front-end package management. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. Attackers can write arbitrary files when a malicious archive is extracted. Details It i...

8CVSS7.8AI score0.02566EPSS
Exploits1References3
CNVD
CNVD
added 2019/01/17 12:0 a.m.3 views

Arbitrary File Read, File Write Vulnerabilities in POSCMS

POSCMS is an open source cross-platform web content management system developed by Php+Mysql. POSCMS arbitrary file read, file write vulnerability, an attacker can use the vulnerability to read any file , to obtain control of the web server...

7AI score
Exploits0
Veracode
Veracode
added 2019/01/15 9:24 a.m.25 views

Arbitrary File Write

Plexus Archiver Component is vulnerable to zip-slip vulnerability. The vulnerability exists when the attacker inputs a malicious zip archive with filenames including file traversal characters such as dot dot .., leading to concatenation of file path locating outside of the destination folder...

5.5CVSS5.3AI score0.13179EPSS
Exploits1References6Affected Software2
Veracode
Veracode
added 2019/01/15 9:6 a.m.20 views

Arbitrary File Write

ppc64-diag is vulnerable to arbitrary file overwrite. Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files...

4.4CVSS5.8AI score0.00352EPSS
Exploits0References11Affected Software1
Veracode
Veracode
added 2019/01/15 9:4 a.m.24 views

Arbitrary File Write

elfutils is vulnerable to arbitrary file write attacks. The vulnerability exists as a directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / slash in a craft...

6.4CVSS6.2AI score0.05018EPSS
Exploits0References14Affected Software1
Veracode
Veracode
added 2019/01/15 9:0 a.m.33 views

Arbitrary File Write With Null Byte In File Name

The DiskFileItem class in Apache Commons FileUpload allows remote attackers to write to arbitrary files via a NULL byte in a file name when it is deserialized. This vulnerability first requires the application using this library to be deserializing untrusted data...

7.5CVSS8.2AI score0.12768EPSS
Exploits0References21Affected Software9
Veracode
Veracode
added 2019/01/15 8:58 a.m.40 views

Arbitrary File Write

jbossweb is vulnerable to arbitrary file write attacks. The vulnerability exists as the readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...

7.5CVSS8.3AI score0.12768EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2019/01/15 8:57 a.m.21 views

Arbitrary File Write

sssd is vulnerable to arbitrary file write attacks. The vulnerability exists as System Security Services Daemon SSSD before 1.9.4, when 1 creating, 2 copying, or 3 removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another...

3.7CVSS5.9AI score0.00366EPSS
Exploits0References140Affected Software1
Rows per page
Query Builder