
7215 matches found

CNNVD
added 2024/11/18 12:00 a.m. · 5 views

WAGO Multiple Products Security Vulnerability

WAGO PFC100 and others are products of WAGO, Germany. WAGO PFC100 is a programmable logic controller (PLC). WAGO CC100 0751-9x01 is a compact controller. WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in various WAGO products. The vulnerability stems from a...

8.1 CVSS · 6.8 AI score · 0.00605 EPSS
Exploits 0 · References 2
CNNVD
added 2024/11/18 12:00 a.m. · 2 views

MarkUs Code Issue Vulnerability

MarkUs is a Ruby on Rails and React web application from MarkUs open source for submitting and grading student assignments. A code issue vulnerability exists in MarkUs versions prior to v2.4.8 that stems from the presence of an arbitrary file write vulnerability that allows an authenticated...

8.8 CVSS · 6.8 AI score · 0.00723 EPSS
Exploits 0 · References 2
CNNVD
added 2024/11/18 12:00 a.m. · 4 views

MarkUs Code Issue Vulnerability

MarkUs is a Ruby on Rails and React web application from MarkUs open source for submitting and grading student assignments. A code issue vulnerability exists in MarkUs versions prior to v2.4.8, which stems from the presence of an arbitrary file write vulnerability that allows an authenticated use...

8.8 CVSS · 6.8 AI score · 0.00696 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/11/18 12:00 a.m. · 3 views

PT-2024-34876 · Markus +1 · Markus +1

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8 Description: The issue is related to an arbitrary file write vulnerability in the update/upload/create file methods in Controllers, allowing authenticated instructors to write arbitrary files to any location on...

8.8 CVSS · 7.7 AI score · 0.00723 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/11/18 12:00 a.m. · 7 views

PT-2024-34663 · Markus · Markus

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8 Description: MarkUs is a web application for the submission and grading of student assignments. An arbitrary file write vulnerability accessible via the update files method of the SubmissionsController allows...

7.1 CVSS · 7.7 AI score · 0.00696 EPSS
Exploits 0 · References 6
Vulnrichment
added 2024/11/15 3:23 p.m. · 11 views

CVE-2023-20004 Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An...

4.4 CVSS · 7.3 AI score · 0.00192 EPSS
Exploits 0 · References 1
Cvelist
added 2024/11/15 3:23 p.m. · 12 views

CVE-2023-20004 Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An...

4.4 CVSS · 0.00192 EPSS
Exploits 0 · References 1
Packet Storm
added 2024/11/14 12:00 a.m. · 433 views

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET[1]. According to the vendor[2], "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...

7.4 AI score
Exploits 0
Packet Storm
added 2024/11/13 12:00 a.m. · 309 views

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET[1]. According to the vendor[2], "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...

7.4 AI score
Exploits 0
Cvelist
added 2024/11/12 3:45 p.m. · 17 views

CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...

9 CVSS · 0.0066 EPSS
Exploits 0 · References 3
OpenVAS
added 2024/11/12 12:00 a.m. · 5 views

Synology DiskStation Manager (DSM) File Write Vulnerability (Synology-SA-24:20) - Unreliable Remote Version Check

Synology DiskStation Manager DSM is prone to a file write vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3 CVSS · 6.6 AI score · 0.00352 EPSS
Exploits 0 · References 1
OpenVAS
added 2024/11/12 12:00 a.m. · 4 views

Synology DiskStation Manager (DSM) File Write Vulnerability (Synology-SA-24:20) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager DSM is prone to a file write vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3 CVSS · 6.6 AI score · 0.00352 EPSS
Exploits 0 · References 1
CVE
added 2024/11/11 7:20 p.m. · 65 views

CVE-2024-51748

CVE-2024-51748 : Kanboard prior to 1.2.42 contains a path traversal/authenticated admin vulnerability that lets an attacker place a payload PHP file (translations.php) and, via a crafted sqlite.db, load the file path to achieve remote code execution. This requires the attacker to host/upload the ...

9.1 CVSS · 9.4 AI score · 0.0091 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2024/11/11 7:20 p.m. · 19 views

CVE-2024-51748 Remote code execution through language setting in kanboard

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...

9.1 CVSS · 0.0091 EPSS
Exploits 1 · References 1
Debian CVE
added 2024/11/11 7:20 p.m. · 16 views

CVE-2024-51748

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...

9.1 CVSS · 6.5 AI score · 0.0091 EPSS
Exploits 1
OSV
added 2024/11/11 7:20 p.m. · 10 views

CVE-2024-51748 Remote code execution through language setting in kanboard

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting applicationlanguage in the...

9.1 CVSS · 7.5 AI score · 0.0091 EPSS
Exploits 1 · References 3
Huntr
added 2024/11/11 6:04 a.m. · 6 views

Path traversal, lead to arbitrary file write, lead to remote code execution

Description: Anythingllm uses the multer library to handle HTTP multi-part file upload. Anything llm uses the following code to handle non-ASCII file names: file.originalname = Buffer.from(file.originalname, "latin1").toString("utf8"); This way of manipulating the filename will lead to path traversal. multer...

7.2 CVSS · 7.6 AI score · 0.19777 EPSS
Exploits 1
Huntr
added 2024/11/08 6:21 a.m. · 4 views

multer (file upload middleware in express) misused, lead to remote code execution

Description: Librechat uses multer to handle multi-part file upload. The multer library will deal with '../' kind of path traversal, then let the programmer decide the actual filename, then join the path to write the uploaded file. This means, if '../' is provided by the user of librechat, multer wil...

8.8 CVSS · 9.2 AI score · 0.01622 EPSS
Exploits 1
OSV
added 2024/11/05 10:20 a.m. · 1 views

CVE-2024-47253

In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege...

7.2 CVSS · 6.1 AI score · 0.00934 EPSS
Exploits 0 · References 1
SUSE CVE
added 2024/11/02 3:49 a.m. · 1 views

SUSE CVE-2024-49380

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

7.5 CVSS · 7.2 AI score · 0.02763 EPSS
Exploits 1 · References 5