SUSE CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

Rockwell Automation Arena 安全漏洞

Rockwell Automation Arena is a discrete event simulation and automation software from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Arena. An attacker could exploit the vulnerability to write to a DOE file beyond the allocated memory...

Directory Traversal

Overview pghoard is a PostgreSQL automatic backup/restore service daemon Affected versions of this package are vulnerable to Directory Traversal that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard. Note: Depending on the permissions/privileges assign...

Arbitrary File Write

github.com/siyuan-note/siyuan is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of the /api/asset/upload endpoint, which allows arbitrary file writing to the host and enables stored cross-site scripting via the file upload mechanism...

CVE-2024-12687

Deserialization of Untrusted Data vulnerability in PlexTrac Runbooks modules which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...

CVE-2024-12687 Insecure YAML Deserialization

Deserialization of Untrusted Data vulnerability in PlexTrac Runbooks modules which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...

CVE-2024-12687

CVE-2024-12687 describes a deserialization of untrusted data vulnerability in PlexTrac (Runbooks modules) that enables Object Injection and arbitrary file writes. Affected versions are PlexTrac 1.61.3 up to before 2.8.1. The issue arises from deserializing untrusted data, which can lead to high-s...

CVE-2024-12642

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...

CVE-2024-12642

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...

CVE-2024-12642 Chunghwa Telecom TenderDocTransfer - Arbitrary File Write

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...

CVE-2024-12642 Chunghwa Telecom TenderDocTransfer - Arbitrary File Write

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...

CVE-2024-12642

TenderDocTransfer from Chunghwa Telecom is affected by an Arbitrary File Write vulnerability, with a Relative Path Traversal in one API. The issue arises from CSRF protection gaps allowing unauthenticated remote attackers to abuse APIs (e.g., via phishing) and write arbitrary files to paths on a ...

Chunghwa Telecom TenderDocTransfer 安全漏洞

Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. A security vulnerability exists in Chunghwa Telecom TenderDocTransfer, which stems from the presence of arbitrary file writes and lack of CSRF protection, as well as a relative path traversal vulnerability in the AP...

PT-2024-17686 · Chunghwa Telecom · Tenderdoctransfer

Name of the Vulnerable Software and Affected Versions: TenderDocTransfer from Chunghwa Telecom affected versions not specified Description: The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the API...

CVE-2024-11833

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1...

CVE-2024-11839

CVE-2024-11839 affects PlexTrac, specifically the Runbooks modules, where deserialization of untrusted data enables object injection and arbitrary file writes. Affected versions are PlexTrac 1.61.3 through before 2.8.1. The issue is a server-side deserialization flaw with network exposure and no ...

CVE-2024-11834 Arbitrary File Write via PTRAC Import

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1...

CVE-2024-11834 Arbitrary File Write via PTRAC Import

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1...

CVE-2024-11834

CVE-2024-11834 is a path traversal vulnerability in PlexTrac (versions 1.61.3 through 2.8.1) caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file writes. Connected documents corroborate affected software and the root cause; PT-2024 notes a fix is present ...

CVE-2024-11833 Arbitrary Directory Write via Runbooks Artifact Upload

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1...