
5211 matches found

Positive Technologies
added 2023/08/10 12:00 a.m. · 2 views

PT-2023-27178 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions 1.4.3. Description: An arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the form o...

CVSS 9.8 · AI score 7.1 · EPSS 0.00698
Exploits 1 · References 10

GitLab Advisory Database
added 2023/08/10 12:00 a.m. · 21 views

Missing Authorization

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent. It receives JSON data sent by users in the...

CVSS 9.8 · AI score 6.8 · EPSS 0.00698
Exploits 1 · References 4 · Affected Software 1

Github Security Blog
added 2023/08/09 2:36 p.m. · 76 views

PrestaShop SQL manager vulnerability

Impact: Remote code execution through SQL injection and arbitrary file write in back office. Patches: 1.7.8.10, 8.0.5, 8.1.1. Found by: Truff via yeswehack. Workarounds: none. References: none...

CVSS 9.8 · AI score 8.8 · EPSS 0.01342
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/08/09 2:36 p.m. · 26 views

GHSA-GF46-PRM4-56PC PrestaShop SQL manager vulnerability

Impact: Remote code execution through SQL injection and arbitrary file write in back office. Patches: 1.7.8.10, 8.0.5, 8.1.1. Found by: Truff via yeswehack. Workarounds: none. References: none...

CVSS 9.1 · AI score 10 · EPSS 0.01342
Exploits 0 · References 4

BDU FSTEC
added 2023/08/08 12:00 a.m. · 5 views

The vulnerability of the Ivanti Endpoint Manager Mobile (EPMM) application for managing the lifecycle of mobile devices and mobile applications (formerly known as MobileIron Core) lies in the improper restriction of the path name to the restricted directory. This allows a malicious user to write arbitrary files.

The vulnerability of the Ivanti Endpoint Manager Mobile (EPMM) application for managing the lifecycle of mobile devices and mobile applications (formerly known as MobileIron Core) is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could...

CVSS 8.3 · AI score 7.7 · EPSS 0.63316
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/08/08 12:00 a.m. · 3 views

Siemens RUGGEDCOM CROSSBOW access control error vulnerability

RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. An authentication vulnerability in Siemens RUGGEDCOM CROSSBOW that lacks critical functionality can be exploited by an attacker to write arbitrary files to the file...

CVSS 7.5 · AI score 7.1 · EPSS 0.00431
Exploits 0 · References 2

NVD
added 2023/08/07 9:15 p.m. · 13 views

CVE-2023-39526

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

CVSS 9.8 · AI score 9.9 · EPSS 0.01342
Exploits 0 · References 2

Prion
added 2023/08/07 9:15 p.m. · 16 views

SQL injection

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

CVSS 7.5 · AI score 10 · EPSS 0.01342
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/08/07 8:28 p.m. · 17 views

CVE-2023-39526 PrestaShop SQL manager vulnerability (potential RCE)

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

CVSS 9.1 · AI score 8.5 · EPSS 0.01342
Exploits 0 · References 2

CVE
added 2023/08/07 8:28 p.m. · 256 views

CVE-2023-39526

PrestaShop has a CVE-2023-39526 vulnerability: remote code execution via SQL injection and arbitrary file write in the back office. Affected versions are before 1.7.8.10, 8.0.5, and 8.1.1; these versions contain patches. The advisory references indicate a fix in those versions, with no publicly d...

CVSS 9.8 · AI score 10 · EPSS 0.01342
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/08/07 8:28 p.m. · 25 views

CVE-2023-39526 PrestaShop SQL manager vulnerability (potential RCE)

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

CVSS 9.1 · AI score 10 · EPSS 0.01342
Exploits 0 · References 2

OSV
added 2023/08/07 8:28 p.m. · 40 views

CVE-2023-39526 PrestaShop SQL manager vulnerability (potential RCE)

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

CVSS 9.1 · AI score 9.9 · EPSS 0.01342
Exploits 0 · References 4

Positive Technologies
added 2023/08/07 12:00 a.m. · 4 views

PT-2023-26997 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 1.7.8.10; PrestaShop versions prior to 8.0.5; PrestaShop versions prior to 8.1.1. Description: PrestaShop is an open source e-commerce web application. The issue concerns remote code execution through SQL injection a...

CVSS 9.8 · AI score 10 · EPSS 0.01342
Exploits 0 · References 13

Zero Day Initiative
added 2023/08/04 12:00 a.m. · 21 views

(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 7.2 · AI score 7.6 · EPSS 0.01002
Exploits 0 · References 1

OSV
added 2023/08/03 11:15 p.m. · 6 views

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

CVSS 9.8 · AI score 6.3 · EPSS 0.03197
Exploits 2 · References 7

ATTACKERKB
added 2023/08/03 12:00 a.m. · 39 views

CVE-2023-35081

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. Recent assessments: Assessed Attacker Value: 0...

CVSS 7.2 · AI score 8.2 · EPSS 0.63316
In wild · Exploits 0 · References 2

Ivanti
added 2023/07/28 3:59 p.m. · 13 views

CVE-2023-35081 - Remote Arbitrary File Write

A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. This vulnerability is different from CVE-2023-35078, released ...

CVSS 7.2 · AI score 7.3 · EPSS 0.63316
Exploits 0

RedhatCVE
added 2023/07/27 2:54 p.m. · 31 views

CVE-2023-38745

An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite...

CVSS 5 · AI score 7 · EPSS 0.00349
Exploits 1 · References 3

RedhatCVE
added 2023/07/27 2:54 p.m. · 35 views

CVE-2023-35936

An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite...

CVSS 5 · AI score 5.5 · EPSS 0.00349
Exploits 1 · References 4

Veracode
added 2023/07/27 1:20 a.m. · 29 views

Arbitrary File Write

pandoc is vulnerable to Arbitrary File Write. By providing a constructed picture element as input while creating files with the --extract-media option or outputting to PDF format, an arbitrary file write vulnerability may be exploited. This vulnerability affects systems that enable pandoc to outp...

CVSS 6.1 · AI score 6.9 · EPSS 0.00349
Exploits 1 · References 6 · Affected Software 1