10 matches found
CVE-2023-20004
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An...
CVE-2023-5189 Hub: insecure galaxy-importer tarfile extraction
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...
CVE-2023-35947
A flaw was found in Gradle. When unpacking Tar archives, Gradle did not check that files could be written outside the unpack location. This issue could lead to important files being overwritten anywhere the Gradle process has write permissions. This flaw allows an attacker with control of an...
GHSA-JPF8-H7H7-3PPM tar-utils Path Traversal vulnerability
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
Input validation
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
RecoverPy - Interactively Find And Recover Deleted Or Overwritten Files From Your Terminal
You can already find plenty of solutions to recover deleted files, but it can be a hassle to recover overwritten files. RecoverPy searches through every block of your partition to find your request. Demo Installation RecoverPy is currently only available on Linux systems. Dependencies Mandatory...
DEBIAN-CVE-2017-8806
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL and other packages related to Debian and Ubuntu, handled symbolic links insecurely, which could result in local denial of service by...
Ubiquiti airOS - Arbitrary File Upload (Metasploit)
Exploit for unix platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubiquiti airOS Arbitrary File Upload', 'Description' = %q This module exploits a pre-auth fi...
Ubiquiti airOS Arbitrary File Upload
This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "m...
Ubuntu Update for tomcat6 vulnerabilities USN-899-1
Ubuntu Update for Linux kernel vulnerabilities USN-899-1 OpenVAS Vulnerability Test $Id: gb_ubuntu_USN_899_1.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for tomcat6 vulnerabilities USN-899-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...