@actions/download-artifact has an Arbitrary File Write via artifact extraction

Impact Versions of actions/download-artifact before 4.1.3 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 4.1.3 or higher. Alternatively use 'v4' tag which points to the lates...

GHSA-6Q32-HQ47-5QQ3 @actions/artifact has an Arbitrary File Write via artifact extraction

Impact Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 2.1.7 or...

@actions/artifact has an Arbitrary File Write via artifact extraction

Impact Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 2.1.7 or...

@actions/artifact has an Arbitrary File Write via artifact extraction

Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames...

CVE-2024-42471

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

CVE-2024-42471

CVE-2024-42471 affects the GitHub Toolkit component actions/artifact (2.x) prior to 2.1.2 , where extracting artifacts with path traversal filenames via downloadArtifactInternal , downloadArtifactPublic , or streamExtractExternal can cause an arbitrary file write. Affected advisories also referen...

PT-2024-29968 · Github · Actions/Artifact

Name of the Vulnerable Software and Affected Versions: actions/artifact versions 2.0.0 through 2.1.1 actions/artifact versions 2.1.2 through 2.1.6 Description: The issue concerns arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for...

Microsoft Exchange ProxyLogon Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Scanner', 'Description' = %q This module scan for a vulnerability on Microsoft Exchange Serve...

Exploit for Improper Input Validation in Cacti

CVE-2024-25641 - Cacti 1.2.26 - Arbitrary file write to RCE 🌵...

Exploit for Improper Input Validation in Cacti

CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 Fully auto...

GHSA-6JRJ-VC65-C983 unzip-stream allows Arbitrary File Write via artifact extraction

Impact When using the Extract method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to. Patches Fixed in 0.3.2 References - https://snyk.io/research/zip-slip-vulnerability - https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2 Credits Justin Taf...

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

BYOB 安全漏洞

BYOB Build Your Own Botnet is an open source post-development framework for students, researchers and developers by malwaredllc individual developers. A security vulnerability exists in version 2.0 of BYOB, which stems from the inclusion of an arbitrary file write issue...

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

CVE-2024-45256

CVE-2024-45256 affects BYOB (Build Your Own Botnet) 2.0. The issue is an arbitrary file write in the exfiltration endpoint (file_add in api/files/routes.py) that lets unauthenticated attackers overwrite SQLite databases and bypass authentication via a crafted HTTP parameter. Several sources confi...