7250 matches found
GHSA-33PR-M977-5W97 Soft Serve vulnerable to arbitrary file writing through SSH API
Attackers can create/override arbitrary files with uncontrolled data. For a PoC, spin up an instance of soft-serve as explained in the README, and execute the following command:
    ssh -p23231 localhost repo commit icecream -- --output=/tmp/pwned
It should have created a file in /tmp/pwned...
CVE-2025-55824
ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which allows attackers to write malicious files and execute malicious commands to obtain sensitive data on the server...
GHSA-9GH8-9R95-3FC3 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
Summary: The vulnerability allows any user to overwrite any files available under the account privileges of the running process. Details: As part of static analysis, iOS MobSF supports loading and parsing statically linked libraries (.a). When parsing such archives, the code extracts the embedded...
CVE-2025-58162
MobSF is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploads a specially prepared one.a file can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1...
CVE-2025-58162
Summary: CVE-2025-58162 affects MobSF. An authenticated user uploading a specially crafted .a archive can write arbitrary files to any location writable by the MobSF process, due to improper handling of absolute paths during AR extraction (ar_extract writes Path(dst)/filtered without validating a...
CVE-2025-58162 MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
MobSF is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploads a specially prepared one.a file can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1...
PT-2025-35522
Name of the Vulnerable Software and Affected Versions: MobSF version 4.4.0 Description: MobSF is a mobile application security testing tool. An authenticated user who uploaded a specially prepared one.a file could write arbitrary files to any directory writable by the user of the MobSF process...
ModStartCMS Security Vulnerability
ModStartCMS is a Laravel-based modular rapid development framework from ModStart. A security vulnerability exists in ModStartCMS version v9.5.0, which originates from an arbitrary file write and could lead to the execution of malicious commands to obtain sensitive data...
CVE-2025-55824
CVE-2025-55824 relates to ModStartCMS v9.5.0, which is affected by an arbitrary file-write vulnerability. The vulnerability enables an attacker to write arbitrary files on the server and, as described in sources, execute malicious commands to obtain sensitive data. The CVE’s metrics indicate a ne...
PT-2025-35593
Name of the Vulnerable Software and Affected Versions: ModStartCMS version 9.5.0 Description: ModStartCMS version 9.5.0 contains an arbitrary file write issue. This allows attackers to write malicious files and execute malicious commands, potentially leading to the compromise of sensitive data on...
CVE-2025-58158
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes an API to retrieve and upload files via git LFS. Implementation ...
Linux Distros Unpatched Vulnerability : CVE-2024-0402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via improper sanitization of the upload path in the upload process. An attacker can write arbitrary files to any location on the file system, potentially compromising the server, by sending a crafted upload request...
CVE-2025-58158
CVE-2025-58158 affects Harness Open Source Gitness (git LFS server). Prior to version 3.3.0, the upload git LFS file API allowed arbitrary file writes due to improper sanitization of the upload path, enabling a malicious authenticated user with access to the Harness Gitness API to write files any...