178 matches found
kernel: SCSI target (LIO) write to any block on ILO backstore
A flaw was found in the Linux kernel’s implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on t...
CVE-2021-25361
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications...
CVE-2021-1385
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...
Umbraco 路径遍历漏洞
Umbraco is an open source content management system CMS based on ASP.NET technology. A path traversal vulnerability exists in Umbraco 8.9.1 and earlier versions during package installation. An attacker can use this vulnerability to write arbitrary files outside of the site home directory and...
CVE-2020-9301
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
VulnCheck KEV: CVE-2021-25337
Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...
CVE-2020-25412
comline in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy that may lead to arbitrary code execution...
EUVD-2020-30469
Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2014-7175
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...
The numerous vulnerabilities in the API interface of the WADashboard component of the Advantech WebAccess software allow a perpetrator to write or overwrite any files in the file system.
The multiple vulnerabilities of the API interface of the WADashboard component in the Advantech WebAccess remote monitoring software are related to deficiencies in path validation before its use in file operations. Exploiting these vulnerabilities could allow a malicious actor to read arbitrary...
CVE-2019-15766
The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...
The vulnerability of the Cisco RoomOS operating system, related to permission handling errors, allows a intruder to write arbitrary files to the device’s file system.
The vulnerability of the Cisco RoomOS operating system is related to permission handling errors. Exploiting this vulnerability allows an attacker to write arbitrary files to the device’s file system with root privileges...
CVE-2019-1765
A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level...
Cisco HyperFlex Authorization Control Vulnerability
Cisco HyperFlex Software is a scalable, distributed file system. Cisco HyperFlex has an authorization control vulnerability in the Graphite interface, which can be exploited by a local attacker to write arbitrary data to Graphite and display invalid statistics in that interface by connecting to t...
Authorization Bypass
Linux kernel-rt is vulnerable to authorization bypass. The default SCSI command filter block/scsiioctl.c does not accommodate commands that overlap across device classes, allowing local users to bypass intended access restrictions to write arbitrary data to a read-only LUN via an SGIO ioctl call...
CVE-2018-5059
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...
Directory traversal
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...
CVE-2018-1000544
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to write arbitrary files and execute arbitrary code.
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform is related to the improper processing of the Opcode 10010 request. Exploiting this vulnerability allows a remote attacker to write arbitrary files and execute arbitrary code...
CVE-2017-15894
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager DSM 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the destfolderpath parameter...