5495 matches found
Path traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths0 path traversal mitigation bypass, through the createfile action in execute.php...
CVE-2018-20793
The CVE-2018-20793 entry concerns tecrail Responsive FileManager version 9.13.4. A path traversal mitigation bypass in the create_file action of execute.php allows remote attackers to write arbitrary files, due to improper handling of paths[0]. This is a remote, unauthenticated vulnerability with...
UBUNTU-CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...
GHSA-6CPC-MJ5C-M9RQ Arbitrary File Write in cli
Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...
Arbitrary File Write in cli
Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...
Design/Logic Flaw
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...
CVE-2019-8407
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...
CVE-2019-8407
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...
Internet Bug Bounty: [bower] Arbitrary File Write through improper validation of symlinks while package extraction
Hi, I want to submit my report https://hackerone.com/reports/473811 for the Internet Bug Bounty. Snyk's writeup: https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction My assessment on why this report might be eligible: To qualify, vulnerabilities must meet the...
Symlink Arbitrary File Overwrite
Overview Versions of bower prior to 1.8.8 are affected by an arbitrary file write vulnerability. The vulnerability occurs because bower does not verify that extracted symbolic links do not resolve to targets outside of the extraction root directory. Recommendation Update to version 1.8.8 or later...
Bitdefender SafePay openFile Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...
Arbitrary File Write
bower is vulnerable to arbitrary file write attacks. The vulnerability exists as it fails to restrict extracting files that are referencing symbolic links, allowing arbitrary files to be written during decompression...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview bower offers a generic, unopinionated solution to the problem of front-end package management. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. Attackers can write arbitrary files when a malicious archive is extracted. Details It i...
Arbitrary File Read, File Write Vulnerabilities in POSCMS
POSCMS is an open source cross-platform web content management system developed by Php+Mysql. POSCMS arbitrary file read, file write vulnerability, an attacker can use the vulnerability to read any file , to obtain control of the web server...
Arbitrary File Write
Plexus Archiver Component is vulnerable to zip-slip vulnerability. The vulnerability exists when the attacker inputs a malicious zip archive with filenames including file traversal characters such as dot dot .., leading to concatenation of file path locating outside of the destination folder...
Arbitrary File Write
ppc64-diag is vulnerable to arbitrary file overwrite. Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files...
Arbitrary File Write
elfutils is vulnerable to arbitrary file write attacks. The vulnerability exists as a directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / slash in a craft...
Arbitrary File Write With Null Byte In File Name
The DiskFileItem class in Apache Commons FileUpload allows remote attackers to write to arbitrary files via a NULL byte in a file name when it is deserialized. This vulnerability first requires the application using this library to be deserializing untrusted data...
Arbitrary File Write
jbossweb is vulnerable to arbitrary file write attacks. The vulnerability exists as the readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...
Arbitrary File Write
sssd is vulnerable to arbitrary file write attacks. The vulnerability exists as System Security Services Daemon SSSD before 1.9.4, when 1 creating, 2 copying, or 3 removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another...