7239 matches found
CVE-2023-0745
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...
CVE-2023-5834
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0...
CVE-2023-44172
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminweixin.php...
CVE-2023-44171
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminsmtp.php...
CVE-2023-44170
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminping.php...
CVE-2023-43216
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminip.php...
CVE-2023-39966
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent. It receives JSON data sent by users in the...
CVE-2023-32615
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...
CVE-2023-31472
An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...
CVE-2023-28483
An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...
CVE-2023-32321
CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in CKAN which may lead to remote code execution. An arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also...
CVE-2023-24804
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...
CVE-2023-21505
Improper access control in Samsung Core Service prior to version 2.1.00.36 allows an attacker to write arbitrary files in the sandbox...
CVE-2023-1208
The HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
CVE-2023-32317
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-45878
GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...
CVE-2023-42248
An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vamSql.php"...
CVE-2023-30678
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary files...
CVE-2023-44169
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminnotify.php...
CVE-2023-42661
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts...