7263 matches found

RedhatCVE
added 2025/12/17 12:55 a.m., 7 views

CVE-2025-66449

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8, AI score 7.6, EPSS 0.00673
Exploits: 1, References: 1
RedhatCVE
added 2025/12/16 2:49 p.m., 6 views

CVE-2025-34181

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7, AI score 8.1, EPSS 0.00872
Exploits: 0, References: 1
Cvelist
added 2025/12/16 2:21 p.m., 26 views

CVE-2025-68239 binfmt_misc: restore write access before closing files opened by open_exec()

In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec(). bm_register_write() opens an executable file using open_exec(), which internally calls do_open_execat() and denies write access on the file to avoid modification while...

EPSS 0.00164
Exploits: 0, References: 6
Vulnrichment
added 2025/12/16 12:10 a.m., 2 views

CVE-2025-66449 ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8, AI score 7.2, EPSS 0.00673
Exploits: 1, References: 3
Cvelist
added 2025/12/16 12:10 a.m., 27 views

CVE-2025-66449 ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8, EPSS 0.00673
Exploits: 1, References: 3
EUVD
added 2025/12/16 12:10 a.m., 4 views

EUVD-2025-203483

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8, AI score 7.1, EPSS 0.00673
Exploits: 1, References: 3
CVE
added 2025/12/16 12:10 a.m., 11 views

CVE-2025-66449

ConvertX is affected by an arbitrary file write and code execution vulnerability in versions prior to 0.16.0. The issue stems from the /upload endpoint, where the file.name parameter is taken directly from user input without sanitization, enabling an authenticated attacker to overwrite system bin...

CVSS 8.8, AI score 7.2, EPSS 0.00673
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2025/12/16 12:10 a.m., 3 views

CVE-2025-66449 ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8, AI score 7.5, EPSS 0.00673
Exploits: 1, References: 5
CNNVD
added 2025/12/16 12:0 a.m., 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from bm_register_write not restoring file write permissions, which could cause subsequent write operations to fail...

AI score 6.2, EPSS 0.00164
Exploits: 0, References: 2
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51348

Name of the Vulnerable Software and Affected Versions: ConvertX versions prior to 0.16.0. Description: ConvertX is a self-hosted online file converter. The /upload endpoint allows an authenticated user to write arbitrary files on the system, potentially overwriting binaries and enabling code...

CVSS 8.8, AI score 7.1, EPSS 0.00673
Exploits: 1, References: 9
EUVD
added 2025/12/15 3:30 p.m., 4 views

EUVD-2025-203378

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7, AI score 7.7, EPSS 0.00872
Exploits: 0, References: 5
NVD
added 2025/12/15 3:15 p.m., 4 views

CVE-2025-34181

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7, EPSS 0.00872
Exploits: 0, References: 3
Cvelist
added 2025/12/15 2:42 p.m., 25 views

CVE-2025-34181 NetSupport Manager < 14.12.0001 Authenticated Path Traversal Arbitrary File Write RCE

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7, EPSS 0.00872
Exploits: 0, References: 3
Vulnrichment
added 2025/12/15 2:42 p.m., 3 views

CVE-2025-34181 NetSupport Manager < 14.12.0001 Authenticated Path Traversal Arbitrary File Write RCE

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7, AI score 7.8, EPSS 0.00872
Exploits: 0, References: 3
CVE
added 2025/12/15 2:42 p.m., 11 views

CVE-2025-34181

NetSupport Manager prior to version 14.12.0001 contains an authenticated path traversal and arbitrary file-write vulnerability in the Connectivity Server/Gateway PUTFILE handler. An attacker with a valid Gateway Key can craft a filename with directory traversal sequences to write files to arbitra...

CVSS 8.7, AI score 7.8, EPSS 0.00872
Exploits: 0, References: 3
Positive Technologies
added 2025/12/15 12:0 a.m., 7 views

PT-2025-51233

NetSupport Manager 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary locations on the server...

CVSS 8.7, AI score 8.2, EPSS 0.00872
Exploits: 0, References: 3
CNVD
added 2025/12/15 12:0 a.m., 4 views

Adobe ColdFusion Improper Input Validation Vulnerability

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

CVSS 6.2, AI score 6, EPSS 0.00637
Exploits: 0, References: 1
CNNVD
added 2025/12/15 12:0 a.m., 4 views

NetSupport Manager security vulnerability

NetSupport Manager is a remote control software from NetSupport Manager, Inc. A security vulnerability exists in NetSupport Manager versions prior to 14.12.0001 that stems from the presence of an arbitrary file write in the Connectivity Server/Gateway PUTFILE request handler, which could lead to...

CVSS 8.7, AI score 7.9, EPSS 0.00872
Exploits: 0, References: 4
Veracode
added 2025/12/13 7:24 a.m., 10 views

Arbitrary File Write

fontTools is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of malicious .designspace files in the fontTools.varLib module, which allows an attacker to achieve remote code execution by writing arbitrary files when processed...

CVSS 9.8, AI score 7.5, EPSS 0.00487
Exploits: 9, References: 3, Affected Software: 1
Veracode
added 2025/12/13 7:10 a.m., 17 views

Directory Traversal

Dosage is vulnerable to Directory Traversal. The vulnerability is due to improper handling of file extensions derived from the HTTP Content-Type header, which allows an attacker to write arbitrary files outside the intended directory...

CVSS 8.8, AI score 5.9, EPSS 0.00395
Exploits: 0, References: 3, Affected Software: 1