Lucene search
K

12 matches found

OSV
OSV
added 2025/10/07 7:11 p.m.4 views

CLSA-2025-1759864289 git: Fix of CVE-2025-46835

CVE-2025-46835: prevent malicious creating and overwriting of user's files...

8.5CVSS7.3AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2025/09/29 5:45 p.m.5 views

CLSA-2025-1759167915 git: Fix of CVE-2025-46835

CVE-2025-46835: prevent malicious creating and overwriting of user's files...

8.5CVSS7.3AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 p.m.10 views

CVE-2020-5793

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerabili...

7.8CVSS6.4AI score0.00392EPSS
Exploits0References1
wpexploit
wpexploit
added 2022/12/29 12:0 a.m.159 views

Multiple themes - Unauthenticated Arbitrary File Upload

Multiple themes from ChimpStudio and PixFill does not have any authorisation and upload validation in the langupload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server. Create a malicious file "backdoor.php", then curl...

9.8CVSS1.4AI score0.02084EPSS
Exploits12
CNVD
CNVD
added 2021/09/22 12:0 a.m.20 views

Multiple NETGEAR Switches Vulnerable to Licensing Issues

Netgear NETGEAR is a router from Netgear, Inc. A hardware device that connects two or more networks and acts as a gateway between networks. A variety of NETGEAR switches are vulnerable to an authorization issue, which stems from a password field in the product's Web UI that fails to properly hand...

8.3CVSS1.8AI score0.13618EPSS
Exploits1Affected Software9
CNNVD
CNNVD
added 2021/09/16 12:0 a.m.9 views

NETGEAR 注入漏洞

Netgear NETGEAR is a router from Netgear, Inc. A hardware device that connects two or more networks and acts as a gateway between networks. A variety of NETGEAR switches are vulnerable to an authorization issue, which stems from a password field in the product's Web UI that fails to properly hand...

8.8CVSS7.9AI score0.13618EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.4 views

node-tar 后置链接漏洞

node-tar is a software package for file compression/decompression. A backlink vulnerability exists in Node-tar, which stems from the product not validating special characters. An attacker can use this vulnerability to create malicious files in other paths...

8.6CVSS7.1AI score0.0185EPSS
Exploits0References34
Exploit DB
Exploit DB
added 2017/09/04 12:0 a.m.46 views

RubyGems < 2.6.13 - Arbitrary File Overwrite

There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2015/01/07 2:1 p.m.14 views

Mini-stream-Ripper-3.0.1.1-(.m3u)

Mini-stream Ripper 3.0.1.1 .m3u Buffer Overflow Code Execution Software Link: http://www.mini-stream.net/downloads/Mini-streamRipper.exe Author: l3D Site: http://xraysecurity.blogspot.com nops1='\x90'0x2a80 system"calc" - Metasploit.com...

1.1AI score
Exploits0
exploitpack
exploitpack
added 2015/01/05 2:27 p.m.23 views

PotPlayer-1.5.42509-Beta

Exploit Title:PotPlayer 1.5.42509 Beta - DOSInteger Division by Zero Author: sajith version: PotPlayer 1.5.42509 Beta Vendor Homepage: http://daumpotplayer.com/ Tested in: Windows XP SP3 rawinput"Hit Enter to create a malicious file" f = open"victim.wav","w"...

0.3AI score
Exploits0
0day.today
0day.today
added 2012/03/14 12:0 a.m.19 views

VLC v. 1.1.11 .3gp Memory Corruption

Exploit for windows platform in category local exploits Exploit Title: VLC v. 1.1.11 .3gp Memory Corruption Date: 3/14/2012 Author: Dan Fosco Vendor or Software Link: www.videolan.org Version: 1.1.11 Category:: local Google dork: n/a Tested on: Windows XP SP3 64-bit Demo site: n/a include int mai...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2000/07/28 12:0 a.m.13 views

CVS Kit CVS Server 1.10.8 - Instructed File Create

CVS Kit CVS Server 1.10.8 - Instructed File Create source: https://www.securityfocus.com/bid/1523/info The cvs client blindly trust paths returned to it by the server. Therefore, a cvs client could be tricked into creating a file anywhere on the system by a malicious server. This problem can be...

7.4AI score
Exploits0
Rows per page
Query Builder