CVE-2025-24343

CVE-2025-24343 affects ctrlX OS via the web app’s “Manages app data” function. The vulnerability allows a remote authenticated, low-privilege attacker to write arbitrary files to arbitrary filesystem paths through a crafted HTTP request. Several sources corroborate the same flaw, with no publicly...

📄 unzip-stream 0.3.1 Arbitrary File Write

unzip-stream version 0.3.1 suffers from an arbitrary file write vulnerability. Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubunt...

unzip-stream 0.3.1 - Arbitrary File Write

Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubuntu CVE: CVE-2024-42471 NB: Python's built-in zipfile module has limitations on t...

CVE-2025-46347

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

CVE-2025-46347

CVE-2025-46347 YesWiki is a remote code execution vulnerability in YesWiki up to version 4.5.3 (patched in 4.5.4). The issue allows an arbitrary file write and execution when a PHP file is created via a user-writable directory, enabling an attacker to browse the PHP file and run code on the serve...

CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

GHSA-88XG-V53P-FPVF YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

Summary An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server. All testing was performed on a local docker setup running the latest version of the application. PoC Proof of Concept Navigate to...

YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

Summary An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server. All testing was performed on a local docker setup running the latest version of the application. PoC Proof of Concept Navigate to...

YesWiki 安全漏洞

YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative manner. A security vulnerability exists in versions of YesWiki prior to 4.5.4 that originates from an arbitrary file write and could lead to remote code executio...

PT-2025-18195 · Yeswiki · Yeswiki

Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.5.4 Description: YesWiki, a wiki system written in PHP, is susceptible to remote code execution. This issue arises from an arbitrary file write capability, which can be exploited to create a file with a PHP...

PT-2025-18257 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file...

CVE-2025-3300 WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write

The WPMasterToolKit WPMTK – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on...

CVE-2025-23250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVE-2025-23250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVE-2025-23250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVE-2025-23250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVE-2025-23250

CVE-2025-23250 – NVIDIA NeMo Framework : A path traversal vulnerability exists in NVIDIA NeMo Framework from an improper limitation of a pathname to a restricted directory, enabling an arbitrary file write. Reports across multiple sources (NVD, Red Hat, Alpine, CNNVD, PT-Security, and NVIDIA advi...

CVE-2025-23250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering...