RHEL 7 : postgresql-jdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql-jdbc: Arbitrary File Write Vulnerability CVE-2022-26520 - pgjdbc is an open source postgresql...

RHEL 6 : postgresql-jdbc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql-jdbc: Arbitrary File Write Vulnerability CVE-2022-26520 - pgjdbc is an open source postgresql...

Path Traversal

com.netflix.genie: genie-web is vulnerable to Path Traversal. The vulnerability is caused by improper filename validation in the saveAttachments method within LocalFileSystemAttachmentServiceImpl.java, due to missing checks to prevent a filename from starting with ... An attacker can upload a fil...

Command Injection

github.com/1panel-dev/1panel is vulnerable to Command injection. The vulnerability arises from insufficient input sanitization, that allowing attackers to write arbitrary files by exploiting the log retrieval API. This can lead to unauthorized command execution or arbitrary file write...

GHSA-WPCV-5JGP-69F3 Genie Path Traversal vulnerability via File Uploads

Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...

1Panel arbitrary file write vulnerability

Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing PoC Dockerfile FROM bash:latest COPY...

CVE-2024-34352 Arbitrary file write vulnerability in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol...

CVE-2024-34352

CVE-2024-34352 affects the 1Panel project (open source Linux server O&M panel). Prior to v1.10.3-lts, command injection vulnerabilities allow arbitrary file writes and can lead to remote code execution. The root cause involves inadequate input filtering and an exploit path using the mirror config...

1Panel arbitrary file write vulnerability

There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing...

PT-2024-25809 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.3-lts Description: The issue is related to command injections in the project that are not well filtered, leading to arbitrary file writes and ultimately to remote code executions RCEs. The mirror configuration...

Pterodactyl Wings vulnerable to Arbitrary File Write/Read

Impact If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. Workarounds Enabling the ignorepanelconfigupdates option or updating to th...

CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...

CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...

CVE-2023-39493

PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must...

CVE-2023-39463

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is requir...

CVE-2023-39463

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is requir...

CVE-2023-39463

Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is requir...

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

CVE-2023-39461

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...