
7230 matches found

RedhatCVE
added 2025/05/22 5:10 a.m. · 10 views

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

CVSS 7.5 · AI score 7 · EPSS 0.01853
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:29 a.m. · 10 views

CVE-2019-14413

cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476)...

CVSS 4.3 · AI score 7 · EPSS 0.00633
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:16 a.m. · 5 views

CVE-2010-3101

Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename...

CVSS 9.3 · AI score 7.1 · EPSS 0.0152
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:42 a.m. · 6 views

CVE-2018-20882

cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447)...

CVSS 6.8 · AI score 7.1 · EPSS 0.00379
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 2:34 a.m. · 6 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be exploitable via User...

CVSS 8.8 · AI score 7.8 · EPSS 0.02797
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:54 a.m. · 5 views

CVE-2011-5294

The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument...

CVSS 6.4 · AI score 7.2 · EPSS 0.01229
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:54 a.m. · 4 views

CVE-2011-5293

The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument...

CVSS 9.3 · AI score 7.2 · EPSS 0.02081
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:54 a.m. · 11 views

CVE-2011-5290

The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument...

CVSS 6.4 · AI score 7.2 · EPSS 0.01229
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:54 a.m. · 6 views

CVE-2011-5289

The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument...

CVSS 6.4 · AI score 7.2 · EPSS 0.0225
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 1:46 a.m. · 9 views

CVE-2013-3574

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter...

CVSS 7.8 · AI score 7 · EPSS 0.0491
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/21 9:58 p.m. · 15 views

CVE-2025-34027 Versa Concerto Authentication Bypass File Write Remote Code Execution

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination...

CVSS 10 · AI score 7.8 · EPSS 0.34582
Exploits: 0 · References: 1

Cvelist
added 2025/05/21 9:58 p.m. · 33 views

CVE-2025-34027 Versa Concerto Authentication Bypass File Write Remote Code Execution

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination...

CVSS 10 · EPSS 0.34582
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/21 9:10 a.m. · 6 views

CVE-2025-1712 Arbitrary file write with vcrtrace

Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...

CVSS 8.7 · AI score 7.2 · EPSS 0.00662
Exploits: 0 · References: 1

Cvelist
added 2025/05/21 9:10 a.m. · 16 views

CVE-2025-1712 Arbitrary file write with vcrtrace

Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...

CVSS 8.7 · EPSS 0.00662
Exploits: 0 · References: 1

CVE
added 2025/05/21 9:10 a.m. · 57 views

CVE-2025-1712

CVE-2025-1712 affects Checkmk: argument/injection in a special agent configuration across versions <2.4.0p1, <2.3.0p32,

CVSS 8.8 · AI score 6.8 · EPSS 0.00662
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/05/21 12:0 a.m. · 4 views

PT-2025-22330 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.4.0p1; Checkmk versions prior to 2.3.0p32; Checkmk versions prior to 2.2.0p42; Checkmk version 2.1.0. Description: The issue allows authenticated attackers to write arbitrary files due to argument injection in special...

CVSS 8.7 · AI score 6.7 · EPSS 0.00662
Exploits: 0 · References: 8

CNNVD
added 2025/05/21 12:0 a.m. · 4 views

Checkmk Security Vulnerability

Checkmk is an IT monitoring platform from Checkmk, Inc. A security vulnerability in Checkmk versions prior to 2.4.0p1, prior to 2.3.0p32, prior to 2.2.0p42, and version 2.1.0, which stems from a parameter injection in a special agent configuration allows an authenticated attacker to write arbitra...

CVSS 8.8 · AI score 6.9 · EPSS 0.00662
Exploits: 0 · References: 2

BDU FSTEC
added 2025/05/20 12:0 a.m. · 5 views

The vulnerability of the centralized network management system, Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage), arises from incorrect path name restrictions in the access-restricted directory. This allows attackers to write arbitrary files.

The vulnerability of the centralized network management system, Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage), is related to incorrect restrictions on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files...

CVSS 6.8 · AI score 5.6 · EPSS 0.01246
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2025/05/20 12:0 a.m. · 4 views

Fortinet FortiClient EMS < 7.4.3 Path Traversal (FG-IR-24-552)

A Relative Path Traversal vulnerability (CWE-23) in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. Note that Nessus has not tested for this issue...

CVSS 5.3 · AI score 7.5 · EPSS 0.0051
Exploits: 0 · References: 2

OSV
added 2025/05/19 4:52 p.m. · 1 views

GHSA-5RJG-FVGR-3XXF setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

Summary A path traversal vulnerability in PackageIndex was fixed in setuptools version 78.1.1 Details def downloadurlself, url, tmpdir: Determine download filename name, fragment = egginfoforurlurl if name: while '..' in name: name = name.replace'..', '.'.replace'\', '' else: name = "downloaded"...

CVSS 8.7 · AI score 6.9 · EPSS 0.01428
Exploits: 4 · References: 8