57 matches found
SUSE CVE-2011-1145
The SQLDriverConnect function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string...
SmartClient File Overwrite Vulnerability
SmartClient is an enterprise Ajax framework that includes a very good UI library, a tool library, client-server data binding and other features. The console functionality of SmartClient 12.0 suffers from a file overwrite vulnerability in the remote procedure call RPC saveFile provided at the...
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
Path traversal
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
CVE-2020-9354
SmartClient 12.0 RPC console feature (saveFile) exposes an unauthenticated path-traversal vulnerability in the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall endpoint. An XML comment and /.. traversal can be exploited to overwrite files, as described across multiple sources (e.g., C...
DEBIAN-CVE-2011-1145
The SQLDriverConnect function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string...
Buffer overflow
The SQLDriverConnect function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string...
Telegram Messenger Directory Traversal Vulnerability
Telegram Messenger is a cross-platform instant messaging program whose client is free and open source software, but whose server is proprietary software. A directory traversal vulnerability exists in the saveFile method in MediaController.java in the Telegram Messenger Android application. An...
tnftp (savefile) Arbitrary Command Execution Exploit
This Metasploit module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the las...
tnftp "savefile" Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Name: tnftp "savefile" Arbitrary Command Execution. Description: This module exploits an arbitrary command execution vulnerability in tnftp's...
tnftp - 'savefile' Arbitrary Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Name: tnftp "savefile" Arbitrary Command Execution. Description: This module exploits an arbitrary command execution vulnerability in tnftp's...
tnftp "savefile" Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...
CVE-2014-8678
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."...
Design/Logic Flaw
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."...
tnftp "savefile" Arbitrary Command Execution Exploit
This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...
tnftp "savefile" Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...
FlexCell Grid Control 5.6.9 - Remote File Overwrite Exploit
No description provided by source. Author: Houssamix. FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit. ExportToXML is vuln to. Object id=hsmx, classid=clsid:2A7D9CCE-211A-4654-9449-718F71ED9644. Report for Clsid:...
PT-2010-2754 · Tetradyne +1 · Tetradyne Activex +1
Name of the Vulnerable Software and Affected Versions: HP Operations Manager versions 7.5, 8.10, 8.16 Description: The issue is related to multiple stack-based buffer overflows in a certain Tetradyne ActiveX control. This could allow remote attackers to execute arbitrary code via a long string...