6820 matches found
CVE-2025-27410 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...
CVE-2024-34014
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension for Plesk Linux...
CVE-2025-24832
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...
CVE-2025-24832
CVE-2025-24832 affects Acronis Backup plugin for cPanel & WHM (Linux) and Acronis Backup extension for Plesk (Linux). The root cause is improper handling of symbolic links, leading to arbitrary file overwrite during home directory recovery. Affected versions are: plugin 1.8.4.866 and earlier, plu...
PT-2025-9037 · Acronis · Acronis Backup Plugin For Cpanel & Whm +1
Name of the Vulnerable Software and Affected Versions: Acronis Backup plugin for cPanel & WHM Linux versions 1.8.4.866 and earlier; Acronis Backup plugin for cPanel & WHM Linux versions 1.9.1.892 and earlier; Acronis Backup extension for Plesk Linux versions 1.8.7.615 and earlier. Description: The...
Acronis Backup plugin for cPanel & WHM (Linux) and Acronis Backup extension for Plesk (Linux) security vulnerability
Acronis Backup plugin for cPanel & WHM Linux and Acronis Backup extension for Plesk Linux are both plug-ins from Acronis Switzerland. A security vulnerability exists in Acronis Backup plugin for cPanel & WHM Linux and Acronis Backup extension for Plesk Linux, which stems from improper handling of...
CVE-2025-1204
The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to...
CVE-2024-49780
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...
RaspberryMatic 3.73.9.20240130 Remote Code Execution Exploit
RaspberryMatic / OCCU contains an unauthenticated remote code execution vulnerability, caused by multiple issues within the Java-based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allows a...
RaspberryMatic 3.73.9.20240130 Remote Code Execution
RaspberryMatic / OCCU contains an unauthenticated remote code execution vulnerability, caused by multiple issues within the Java-based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allows a...
CVE-2024-49780
CVE-2024-49780 affects IBM OpenPages with Watson 8.3 and 9.0. The vulnerability arises from path traversal in the Import Configuration file-name parameter, allowing a privileged attacker to write files outside the intended directory and potentially overwrite arbitrary files. IBM’s Security Bullet...
CVE-2024-49780 IBM OpenPages path traversal
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences /../ in the file name parameter used in...
hornetq-core-client: Arbitrarily overwrite files or access sensitive information
A flaw was found in the createTempFile method of hornetq. Affected version of hornetq allows attackers to arbitrarily overwrite files or access sensitive information...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.21 (RHSA-2025:1638)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1638 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.21 (RHSA-2025:1637)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1637 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat...
K000149808: Python tarfile vulnerability CVE-2007-4559
Security Advisory Description: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...