5215 matches found

Vulnrichment
added 2023/11/01 2:10 a.m. · 8 views

CVE-2023-2621

The McFeeder server, distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

6.5 CVSS · 6.4 AI score · 0.00486 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/10/31 12:0 a.m. · 5 views

PT-2023-20541 · Unknown · Mcfeeder Server

Name of the Vulnerable Software and Affected Versions: McFeeder server distributed as part of SSW package (affected versions not specified).
Description: The McFeeder server is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This issue stems from the use of an...

6.5 CVSS · 6.3 AI score · 0.00486 EPSS
Exploits 0 · References 4
CNNVD
added 2023/10/26 12:0 a.m. · 4 views

ABUS TVIP Security Vulnerability

ABUS TVIP is a series of video surveillance cameras from the German company ABUS. A path traversal vulnerability exists in ABUS TVIP that allows an attacker to write to a file and execute arbitrary code with root privileges...

8.8 CVSS · 7.3 AI score · 0.01031 EPSS
Exploits 1 · References 3
SUSE CVE
added 2023/10/25 12:59 a.m. · 2 views

SUSE CVE-2023-46122

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of an arbitrary file. This would have the potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...

3.9 CVSS · 7.6 AI score · 0.0034 EPSS
Exploits 1 · References 6
Veracode
added 2023/10/24 4:47 a.m. · 16 views

Arbitrary File Write

sbt is vulnerable to Path Traversal. The vulnerability is a result of the absence of path sanitization in the IO.scala file. This oversight allows an attacker to access files outside the expected directory and write arbitrary files. An attacker can exploit this vulnerability by providing a...

7.1 CVSS · 7.1 AI score · 0.0034 EPSS
Exploits 1 · References 4 · Affected Software 1
Github Security Blog
added 2023/10/24 1:51 a.m. · 25 views

sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)

Impact: Given a specially crafted zip or JAR file, IO.unzip allows writing of an arbitrary file. The following is an example of a malicious entry:
+2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys
This would have the potential to overwrite /root/.ssh/authorized_keys. Within sbt's ma...

7.1 CVSS · 6.8 AI score · 0.0034 EPSS
Exploits 1 · References 6 · Affected Software 4
OSV
added 2023/10/24 1:51 a.m. · 2 views

GHSA-H9MW-GRGX-2FHF sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)

Impact: Given a specially crafted zip or JAR file, IO.unzip allows writing of an arbitrary file. The following is an example of a malicious entry:
+2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys
This would have the potential to overwrite /root/.ssh/authorized_keys. Within sbt's ma...

3.9 CVSS · 5.8 AI score · 0.0034 EPSS
Exploits 1 · References 6
Vulnrichment
added 2023/10/23 3:51 p.m. · 16 views

CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of an arbitrary file. This would have the potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...

3.9 CVSS · 6.8 AI score · 0.0034 EPSS
Exploits 1 · References 4
OSV
added 2023/10/23 3:51 p.m. · 27 views

CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of an arbitrary file. This would have the potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...

3.9 CVSS · 6.9 AI score · 0.0034 EPSS
Exploits 1 · References 6
CNNVD
added 2023/10/23 12:0 a.m. · 4 views

sbt path traversal vulnerability

sbt is a build tool for Scala, Java and more. A security vulnerability exists in versions prior to sbt 1.9.7 that allows attackers to write arbitrary files via specially crafted zip or JAR files...

7.1 CVSS · 6.9 AI score · 0.0034 EPSS
Exploits 1 · References 6
GithubExploit
added 2023/10/20 2:59 p.m. · 278 views

Exploit for Incorrect Authorization in Vmware Aria_Operations_For_Logs

CVE-2023-34051 CVE-2023-34051 is an authentication bypass tha...

9.8 CVSS · 8.1 AI score · 0.87077 EPSS
Exploits 3
Cvelist
added 2023/10/16 4:8 p.m. · 19 views

CVE-2023-45685 Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers

Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...

9.2 AI score · 0.01406 EPSS
Exploits 1 · References 2
CNNVD
added 2023/10/16 12:0 a.m. · 3 views

South River Technologies TitanFTP NextGen Path Traversal Vulnerability

South River Technologies Titan FTP NextGen is an SFTP/FTP server with native clustering support for high availability and failover. A security vulnerability exists in South River Technologies TitanFTP NextGen that stems from insufficient validation of paths...

9.1 CVSS · 6.7 AI score · 0.01481 EPSS
Exploits 2 · References 3
Positive Technologies
added 2023/10/16 12:0 a.m. · 3 views

PT-2023-6213 · South River Technologies · Titan Mft +1

Name of the Vulnerable Software and Affected Versions: South River Technologies' Titan MFT and Titan SFTP servers (affected versions not specified).
Description: The issue is related to insufficient path validation when extracting a zip archive, allowing an authenticated attacker to write a file to...

9.1 CVSS · 6 AI score · 0.01481 EPSS
Exploits 2 · References 16
GithubExploit
added 2023/10/12 8:45 a.m. · 250 views

Exploit for Path Traversal in Fit2Cloud Jumpserver

CVE-2023-42819 CVE-2023-42819 Description of the Vulne...

8.9 CVSS · 7.5 AI score · 0.05404 EPSS
Exploits 4
OSV
added 2023/10/05 6:15 p.m. · 3 views

CVE-2023-43070

Dell SmartFabric Storage Software v1.4 and earlier contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability to modify or write arbitrary files to arbitrary locations in the license container...

6.5 CVSS · 5.9 AI score
Exploits 0 · References 1
Veracode
added 2023/09/29 8:3 a.m. · 22 views

Arbitrary File Write

github.com/schollz/croc is vulnerable to Arbitrary File Write through crafted File Paths. The vulnerability is due to the Croc protocol, which allows senders to specify an arbitrary path for a file transfer. If the recipient doesn't already have a file with the same name, an attacker can exploit...

7.8 CVSS · 6.9 AI score · 0.00339 EPSS
Exploits 1 · References 5 · Affected Software 2
OSV
added 2023/09/27 3:19 p.m. · 2 views

CVE-2023-44169

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminnotify.php...

9.8 CVSS · 5.8 AI score · 0.01155 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2023/09/27 3:19 p.m. · 4 views

CVE-2023-44172

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminweixin.php...

9.8 CVSS · 5.9 AI score · 0.01155 EPSS
Exploits 1 · References 2
OSV
added 2023/09/27 3:19 p.m. · 3 views

CVE-2023-44171

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminsmtp.php...

9.8 CVSS · 5.8 AI score · 0.01155 EPSS
Exploits 1 · References 1