Arbitrary File Upload

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the createFile and save endpoints. An attacker can execute arbitrary code on the server by creating a file with a dangerous extension and injecti...

A deep dive into MUTZ

AtDEF CON 33, we shared our research into MapUrlToZone, a critical Windows security component that determines whether a given path is local, on the intranet, or on the broader Internet. This classification drives several security decisions across Windows, for example, preventing a CreateFile call...

EUVD-2019-0744

Malware in sbrugna...

EUVD-2007-3386

Malware in sbrugna...

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php

...

CVE-2024-42481

CVE-2024-42481 affects the Skyport Daemon (skyportd) used with Skyport Panel. The root cause is lack of rate limiting on createFolder and createFile, enabling exploitation by creating thousands of folders/files which can drive 100% CPU usage and cause an Out-of-Memory condition, potentially crash...

SolarWinds Access Rights Manager CreateFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CreateFile method. The issue results from the lack of proper...

PT-2024-4872 · Solarwinds · Solarwinds Access Rights Manager

Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager affected versions not specified Description: The issue is related to the CreateFile method in SolarWinds Access Rights Manager, which is susceptible to a directory traversal vulnerability. This vulnerability c...

GHSA-9H4G-27M8-QJRG Path Traversal in socket.io-file

All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to arbitrary...

Cross-site Scripting in Bolt

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...

GHSA-CJ8P-53V9-2C26 Cross-site Scripting in Bolt

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...

CVE-2019-15485

CVE-2019-15485: Bolt before 3.6.10 is vulnerable to cross-site scripting via createFolder or createFile in Controller/Async/FilesystemManager.php. The issue affects Bolt CMS versions prior to 3.6.10 and is exploitable through crafted input in file/folder creation paths, as documented in multiple ...

Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation

Windows: DSSVC DSOpenSharedFile Arbitrary File Open EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure all t...

Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion Exploit

Exploit for windows platform in category local exploits Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m...

Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion

Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure...

Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion

Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple...

Flash Broker-Based - Sandbox Escape via Unexpected Directory Lock

Source: https://code.google.com/p/google-security-research/issues/detail?id=279&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - Junction Check Bypass With Locked Directory IE PM Sandbox Escape 1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBrok...

Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account. / tac0tac0.c - pay no...

Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/8128/info It has been reported that Microsoft Windows does not properly handle named pipes through the CreateFile API. Because of this, an attacker may be able to gain access to the SYSTEM account. / tac0tac0.c - pay no...

MS SQL Server 2000,MS Jet 4.0 Engine Unicode Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5057/info Microsoft SQL Server is prone to a remotely exploitable unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with MS Jet Engine. This issue may be exploited to...