16 matches found
EUVD-2026-32275
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
CVE-2025-60685
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary sub401EE0 function. The binary reads the /proc/stat file using fgets into a local buffer and subsequently parses the line using sscanf into a single-byte variable with the %s forma...
EUVD-2006-5846
Malware in sbrugna...
Arbitrary Code Injection
Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Arbitrary Code Injection via modification of the resources folder when the embeddedAsarIntegrityValidation...
CVE-2024-47808
A vulnerability has been identified in SINEC NMS All versions V3.0 SP1. The affected application contains a database function that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to...
CVE-2023-44402 ASAR Integrity bypass via filetype confusion in electron
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...
CVE-2023-35852
CVE-2023-35852 is a Suricata vulnerability where, before version 6.0.13, an adversary controlling an external source of rules could cause a dataset filename (from a rule) to trigger absolute or relative directory traversal, enabling write access to a local filesystem. The issue arises in the rule...
CVE-2022-24897 Arbitrary filesystem write access from Velocity
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rbmysql' cla...
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
This Metasploit module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below ar...
WordPress Google Document Embedder Arbitrary File Disclosure
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rbmysql' class Metasploit3 'WordPress Plugin...
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
This module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below are vulnerabl...
Design/Logic Flaw
HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access...
CVE-2011-1738
HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access...
CVE-2011-1738
HP Palm webOS 1.4.5 and 1.4.5.1 are affected by CVE-2011-1738 due to improper restriction of Plug-in Development Kit (PDK) applications, enabling local privilege escalation via unintended filesystem write access. The root cause is insufficient access controls on PDK apps, allowing local users to ...
CVE-2006-5862
Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors...