CVE-2024-49421

CVE-2024-49421 describes a path traversal flaw in Samsung Quick Share Agent. Affected: Android 12 (before 3.5.14.47), Android 13 (before 3.5.19.41), Android 14 (before 3.5.19.42). Root cause: improper validation of user-supplied path leading to arbitrary file writes. Impact: adjacent attackers co...

Directory Traversal

Overview preqs is an A simple and fast requirements.txt file generator. Affected versions of this package are vulnerable to Directory Traversal due to improper path sanitization in the ArgParser.sanitisepath method. An attacker could manipulate the PATH argument to traverse directories using ".."...

PT-2024-10123 · Rsync +10 · Rsync +10

The issue is related to rsync, a software package used for synchronizing files across different locations. A path traversal flaw was discovered in rsync when the --safe-links option is used. This flaw allows an attacker to write files arbitrarily outside the intended directory due to rsync's...

CVE-2024-7243

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

CVE-2024-7241

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

Judge0 Sandbox Escape Exploit

Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. This module requires Metasploit: https://metasploit.com/download Current source:...

CVE-2024-51499

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...

CVE-2024-51743

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...

CVE-2024-51743 Arbitrary File Write leading up to remote code execution (instructor accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...

CVE-2024-51743 Arbitrary File Write leading up to remote code execution (instructor accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...

CVE-2024-51743 Arbitrary File Write leading up to remote code execution (instructor accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...

CVE-2024-51743

CVE-2024-51743 affects MarkUs up to version 2.4.8, where an arbitrary file-write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write files to locations on the server. The underlying issue can lead to delayed remote code execution if a Ru...

CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...

CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...

CVE-2024-51499

CVE-2024-51499 (MarkUs) : Affected software is MarkUs web app (Rails) versions before 2.4.8. The root cause is an arbitrary file write vulnerability exposed through the SubmissionsController.update_files method, allowing authenticated users (e.g., students) to write files to arbitrary server path...

CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...

CVE-2024-41973

A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges...

CVE-2024-41973 WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices

A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges...

CVE-2024-41973

CVE-2024-41973 enables a low-privileged remote attacker to specify an arbitrary file on the filesystem, which may lead to arbitrary file writes with root privileges . The vulnerability is documented across multiple sources as affecting WAGO devices (e.g., CC100 0751-9x01, Edge Controller 0752-830...

CVE-2024-41973 WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices

A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges...