
7217 matches found

CVE
added 2025/02/13 12:0 a.m. · 350 views

CVE-2023-34402

CVE-2023-34402 affects Mercedes‑Benz head‑unit NTG6. The vulnerability arises when importing/exporting profile settings over USB: an embedded file can encapsulate another file and, due to missing checks during processing, allows Arbitrary File Write with the rights of the speech service. Public d...

7.7 CVSS · 6.9 AI score · 0.0021 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/02/13 12:0 a.m. · 6 views

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missed checks, an attacker can achieve Arbitrary File Write with the rights of the speech service...

6.9 AI score · 0.0021 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/02/13 12:0 a.m. · 10 views

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missed checks, an attacker can achieve Arbitrary File Write with the rights of the speech service...

0.0021 EPSS
Exploits: 0 · References: 1
Snyk
added 2025/02/11 6:31 p.m. · 1 views

Directory Traversal

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal that could enable privilege escalation for a privileged attacker. Details: A Directory Traversal attack, also known as path traversal, aims to access files...

7.5 CVSS · 7.8 AI score · 0.01278 EPSS
Exploits: 0 · References: 2
NVD
added 2025/02/10 7:15 p.m. · 5 views

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS · 0.19777 EPSS
Exploits: 1 · References: 2
OSV
added 2025/02/10 7:15 p.m. · 5 views

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS · 7.4 AI score
Exploits: 0 · References: 2
CVE
added 2025/02/10 6:53 p.m. · 48 views

CVE-2024-13059

CVE-2024-13059 affects mintplex-labs/anything-llm prior to 1.3.1. The vulnerability arises from improper handling of non-ASCII filenames in the multer library, where filename transformations can introduce ../ sequences that are not sanitized. This enables path traversal and arbitrary file writes ...

7.2 CVSS · 7.5 AI score · 0.19777 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2025/02/10 6:53 p.m. · 10 views

CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS · 0.19777 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2025/02/10 6:53 p.m. · 5 views

CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

7.2 CVSS · 7.5 AI score · 0.19777 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2025/02/10 12:0 a.m. · 6 views

PT-2025-6084

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.3.1 Description: A vulnerability exists in mintplex-labs/anything-llm due to improper handling of non-ASCII filenames within the multer library. This can lead to path traversal, allowing attacker...

7.2 CVSS · 7.6 AI score · 0.19777 EPSS
Exploits: 1 · References: 16
Positive Technologies
added 2025/02/09 12:0 a.m. · 3 views

PT-2025-6035 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2024-5183 - CVE-2020-32262: Oracle Net Suite EnterpriseOne Client-Server Arbitrary File Write", "Content": "CVE ID : CVE-2024-5183 Published : Feb. 8, 2025, 10:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: This CVE ID has been rejected or...

7.1 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/09 12:0 a.m. · 3 views

PT-2025-6034 · Undefined · Undefined

"Source": "CVE FEED", "Title": "CVE-2024-5183 - CVE-2020-32262: Oracle Net Suite EnterpriseOne Client-Server Arbitrary File Write", "Content": "CVE ID : CVE-2024-5183 Published : Feb. 8, 2025, 10:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: This CVE ID has been rejected or...

7.1 AI score
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/08 12:28 a.m. · 6 views

CVE-2025-0799

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...

6.5 CVSS · 6.4 AI score · 0.00459 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/02/07 12:0 a.m. · 3 views

SFTPGo Operating System Command Injection Vulnerability

SFTPGo is a full-featured and highly configurable SFTP server from the individual developer Nicola Murino in Italy. SFTPGo suffers from an operating system command injection vulnerability that stems from a lack of cleanup of the rsync command, allowing remote users to read or write files...

7.5 CVSS · 7.1 AI score · 0.0067 EPSS
Exploits: 0 · References: 3
RedhatCVE
added 2025/02/06 1:18 a.m. · 7 views

CVE-2022-21675

Bytecode Viewer BCV is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames e.g...

9.9 CVSS · 7.5 AI score · 0.02544 EPSS
Exploits: 0 · References: 1
OSV
added 2025/02/06 1:15 a.m. · 2 views

CVE-2025-0799

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...

6.5 CVSS · 5.9 AI score
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/06 12:24 a.m. · 12 views

CVE-2025-0799 IBM App Connect Enterprise Arbitrary File Write

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...

6.5 CVSS · 6.5 AI score · 0.00459 EPSS
Exploits: 0 · References: 1
CVE
added 2025/02/06 12:24 a.m. · 54 views

CVE-2025-0799

Summary: CVE-2025-0799 affects IBM App Connect Enterprise and related Certified Container components. An authenticated user could exploit a path traversal flaw during bar configuration deployment to write arbitrary files, due to improper pathname restrictions on restricted directories. Affected v...

6.5 CVSS · 6.5 AI score · 0.00459 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/02/06 12:24 a.m. · 13 views

CVE-2025-0799 IBM App Connect Enterprise Arbitrary File Write

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories...

6.5 CVSS · 0.00459 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 10:43 p.m. · 8 views

CVE-2022-36990

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...

9.6 CVSS · 6.7 AI score · 0.00569 EPSS
Exploits: 0 · References: 1