CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

PYSEC-2024-159

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

CVE-2024-21542

CVE-2024-21542 affects luigi before 3.6.0, vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) caused by improper destination file path validation in the _extract_packages_archive function. A malicious zip can traverse paths to overwrite arbitrary files outside the target directo...

CVE-2024-21542

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip due to improper destination file path validation in the extractpackagesarchive function...

Luigi 安全漏洞

Luigi is a Python package open-sourced by Spotify that helps build complex pipelines of batch jobs. A security vulnerability exists in Luigi versions prior to 3.6.0, which stems from incorrect validation of the destination file path in the extractpackagesarchive function, leaving it vulnerable to...

Cisco Unified Computing System Unrestricted Upload of File with Dangerous Type (CVE-2017-12332)

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

CVE-2024-49421

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location...

Directory Traversal

Overview preqs is an A simple and fast requirements.txt file generator. Affected versions of this package are vulnerable to Directory Traversal due to improper path sanitization in the ArgParser.sanitisepath method. An attacker could manipulate the PATH argument to traverse directories using ".."...

PT-2024-10123

The issue is related to rsync, a software package used for synchronizing files across different locations. A path traversal flaw was discovered in rsync when the --safe-links option is used. This flaw allows an attacker to write files arbitrarily outside the intended directory due to rsync's...

CVE-2024-7243

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVE-2024-7241

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVE-2024-51499

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...

CVE-2024-51743 Arbitrary File Write leading up to remote code execution (instructor accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...

CVE-2024-51743

CVE-2024-51743 affects MarkUs up to version 2.4.8, where an arbitrary file-write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write files to locations on the server. The underlying issue can lead to delayed remote code execution if a Ru...

CVE-2024-51743 Arbitrary File Write leading up to remote code execution (instructor accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...

CVE-2024-51499

CVE-2024-51499 (MarkUs) : Affected software is MarkUs web app (Rails) versions before 2.4.8. The root cause is an arbitrary file write vulnerability exposed through the SubmissionsController.update_files method, allowing authenticated users (e.g., students) to write files to arbitrary server path...

CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...

CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...

CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...