CVE-2023-39463

The CVE-2023-39463 issue affects Triangle MicroWorks SCADA Data Gateway. The vulnerability lies in the trusted certification feature, specifically how OpcUaSecurityCertificateAuthorityTrustDir is handled, allowing an arbitrary file write with attacker-controlled data. This can let an attacker exe...

CVE-2023-39461 Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

CVE-2023-39461 Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required...

CVE-2023-39461

Product and vulnerability context: Triangle MicroWorks SCADA Data Gateway. The issue is an arbitrary file write vulnerability in the handling of event logs, caused by improper sanitization of log output. The weakness can allow an attacker to write arbitrary files and, in combination with other vu...

Delta Electronics DIAEnergie 路径遍历漏洞

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A path traversal vulnerability exists in Delta Electronics DIAEnergie, which can be exploited by an attacker to write an arbitrary file on the system by sending a specially crafted URL...

PT-2024-25677 · Pterodactyl · Pterodactyl Wings

Name of the Vulnerable Software and Affected Versions: Pterodactyl Wings versions prior to 1.11.12 Description: The issue allows an attacker to gain arbitrary file write and read access on a node if the Wings token is leaked, either by viewing the node configuration or posting it accidentally...

Triangle MicroWorks SCADA Data Gateway 安全漏洞

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. Triangle MicroWorks SCADA Data Gateway suffers from an arbitrary file write vulnerability that can be exploited by an attacker to write arbitrary files and execute arbitrary code...

SUSE-SU-2024:1469-1 Security update for docker

This update for docker fixes the following issues: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267 - CVE-2024-23652: Fixed insufficient validation of parent directory on mount bsc1219268 - CVE-2024-23653: Fixed insufficient validation on entitlement on...

Fedora 40 : ghc-base64 / ghc-hakyll / ghc-isocline / ghc-toml-parser / gitit / etc (2024-7d83cbccb6)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-7d83cbccb6 advisory. Security fix for CVE-2023-35936 and CVE-2023-38745 pandoc: - backport fixes for CVE-2023-35936 and CVE-2023-38745 pandoc-cli: - new package for pand...

RHEL 8 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

RHEL 8 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0017 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

RHEL 6 / 7 : rh-maven33-plexus-archiver and rh-maven35-plexus-archiver (RHSA-2018:1837)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1837 advisory. The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications c...

RHEL 7 : CloudForms 4.6.5 (RHSA-2018:3466)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3466 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...

Judge0 CE 安全漏洞

Judge0 CE is an open source online code execution system from Judge0 Open Source. A security vulnerability exists in Judge0 CE versions prior to 1.13.1, which originates from an application that does not take into account a symbolic link placed inside a sandboxed directory, and which can be...

ModelDB Path Traversal Vulnerability

ModelDB is an open source system for machine learning model version control, metadata and experiment management open source by VertaAI. ModelDB suffers from a path traversal vulnerability that arises from improper cleaning of user-supplied file paths in the file upload function. This vulnerabilit...

CVE-2024-1961 Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifactpath' parameter. This flaw...

CVE-2024-1961 Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifactpath' parameter. This flaw...

PT-2024-5388 · Duckdb +2 · Duckdb +2

Name of the Vulnerable Software and Affected Versions: Vanna version 0.3.4 Description: The issue is related to the Vanna framework's web interface, specifically with its integration of DuckDB and Flask Web APIs. It allows for SQL injection, enabling attackers to inject malicious SQL training dat...

ModelDB 路径遍历漏洞

ModelDB is an open source system for machine learning model version control, metadata and experiment management open source by VertaAI. ModelDB suffers from a path traversal vulnerability that arises from improper cleaning of user-supplied file paths in the file upload function. This vulnerabilit...

Exploit for CVE-2024-31771

CVE-2024-31771 TotalAV Arbitrary File Write TotalAV version...