61 matches found
DWSurvey Code Issue Vulnerability
DWSurvey is a questionnaire system written in Java. A security vulnerability exists in DWSurvey v.3.2.0 and earlier versions, which stems from a file upload vulnerability that allows remote attackers to execute arbitrary code via the saveimage and savveFile methods in the action/UploadAction.java...
CVE-2023-40980
File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...
XML External Entity (XXE)
urule is vulnerable to XML External Entities XXE. A remote attacker is able to execute arbitrary code by uploading a crafted XML file to /urule/common/saveFile...
PT-2023-19465 · Urule · Urule
Name of the Vulnerable Software and Affected Versions: urule version 2.1.7 Description: An XML External Entity XXE issue allows attackers to execute arbitrary code by uploading a crafted XML file to the "/urule/common/saveFile" API endpoint. This is achieved by exploiting the saveFile...
SUSE CVE-2011-1145
The SQLDriverConnect function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string...
SmartClient File Overwrite Vulnerability
smartclient is an enterprise ajax framework , including very good UI library , tool library and client-server data binding and other features . The console functionality of SmartClient 12.0 suffers from a file overwrite vulnerability in the remote procedure call RPC saveFile provided at the...
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
Path traversal
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path...
CVE-2020-9354
SmartClient 12.0 RPC console feature (saveFile) exposes an unauthenticated path-traversal vulnerability in the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall endpoint. An XML comment and /.. traversal can be exploited to overwrite files, as described across multiple sources (e.g., C...
DEBIAN-CVE-2011-1145
The SQLDriverConnect function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string...
Buffer overflow
The SQLDriverConnect function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string...
Telegram Messenger Directory Traversal Vulnerability
Telegram Messenger is a cross-platform instant messaging program whose client is free and open source software, but whose server is proprietary software. A directory traversal vulnerability exists in the saveFile method in MediaController.java in the Telegram Messenger Android application. An...
tnftp (savefile) Arbitrary Command Execution Exploit
This Metasploit module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the las...
tnftp "savefile" Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...
tnftp - 'savefile' Arbitrary Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...
tnftp "savefile" Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...
CVE-2014-8678
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."...
Design/Logic Flaw
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."...