Tenable Nessus <= 10.8.4 File Overwrite (TNS-2025-13)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to or equal to 10.8.4. It is, therefore, affected by a file overwrite vulnerability as referenced in the TNS-2025-13 advisory. - In Tenable Nessus versions prior to 10.8.5 on a Windows host, it...
CVE-2025-36630
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileUploadHandler function in the rest.go file. An attacker can overwrite arbitrary files owned by the application user by uploading files with crafted path names, potentially modifying application behavior o...
Directory Traversal
billz/raspap-webgui is vulnerable to Directory Traversal. The vulnerability is due to improper validation of the entity parameter in ajax/networking/getwgkey.php, which allows crafted POST requests that leverage the tee command to overwrite arbitrary files writable by the web server...
CVE-2025-44163
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...
CVE-2025-3771
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the...
CVE-2025-49153
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code...
raspap-webgui has a Directory Traversal vulnerability
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...
CVE-2025-44163
CVE-2025-44163 affects RaspAP raspap-webgui 3.3.1. Affected component: ajax/networking/get_wgkey.php. Issue: Directory Traversal via a crafted POST payload in the entity parameter, enabling an authenticated attacker to abuse shell execution (tee) to overwrite arbitrary files writable by the web s...
CVE-2025-3722
A path traversal vulnerability in System Information Reporter SIR 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and...
CVE-2025-49153 Path Traversal in MICROSENS NMP Web+
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code...
CVE-2025-49153
CVE-2025-49153 is a path-traversal flaw in MICROSENS NMP Web+ that allows an unauthenticated attacker to overwrite files and execute arbitrary code. Several sources (NVD/NVD-like, CVE lists, and CISA ICS advisory ICSA-25-175-07) describe the issue as unauthenticated and capable of arbitrary code ...
CVE-2025-39202
A vulnerability exists in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption...
[ASA-202506-8] erlang: arbitrary file overwrite
Arch Linux Security Advisory ASA-202506-8. Severity: Medium. Date: 2025-06-19. CVE-ID: CVE-2025-4748. Package: erlang. Type: arbitrary file overwrite. Remote: No. Link: https://security.archlinux.org/AVG-2900. Summary: The package erlang before versi...
File Overwrite
Salt is vulnerable to File overwrite. The vulnerability is due to unvalidated input used to construct paths in the VirtKey class when handling “on-demand pillar” data, allowing unauthorized file overwrites in the default configuration...
CVE-2025-32799
Conda-build contains commands and tools to build Conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. This flaw allows attackers to craft tar archives containing entries with...
CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...