
7215 matches found

NVD
added 2024/09/18 6:15 p.m. · 36 views

CVE-2024-46986

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

CVSS 9.9 · EPSS 0.35658
Exploits: 2 · References: 5

Vulnrichment
added 2024/09/18 5:14 p.m. · 18 views

CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

CVSS 9.9 · AI score 7.8 · EPSS 0.35658
Exploits: 2 · References: 4

CVE
added 2024/09/18 5:14 p.m. · 78 views

CVE-2024-46986

Camaleon CMS (Ruby on Rails) has an authenticated arbitrary file write vulnerability in the MediaController upload flow that lets an attacker write files to arbitrary server paths (depending on filesystem permissions). A crafted payload can place a Ruby file under config/initializers, potentially...

CVSS 9.9 · AI score 9.7 · EPSS 0.35658
Exploits: 2 · References: 5 · Affected Software: 1

Cvelist
added 2024/09/18 5:14 p.m. · 43 views

CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

CVSS 9.9 · EPSS 0.35658
Exploits: 2 · References: 5

OSV
added 2024/09/18 5:14 p.m. · 26 views

CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

CVSS 9.9 · AI score 7.9 · EPSS 0.35658
Exploits: 2 · References: 7

OSV
added 2024/09/18 2:39 p.m. · 20 views

GHSA-WMJG-VQHV-Q5P5 Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...

CVSS 8.8 · AI score 9.8 · EPSS 0.35658
Exploits: 2 · References: 9

Github Security Blog
added 2024/09/18 2:39 p.m. · 32 views

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...

CVSS 9.9 · AI score 8.3 · EPSS 0.35658
Exploits: 2 · References: 9 · Affected Software: 1

CNNVD
added 2024/09/18 12:00 a.m. · 12 views

CamaleonCMS injection vulnerability

CamaleonCMS is an advanced Ruby on Rails-based dynamic content management system (CMS) from the CamaleonCMS team. An injection vulnerability exists in CamaleonCMS version 2.8.0, which stems from the presence of an arbitrary file write vulnerability that allows an authenticated user to write arbitrary...

CVSS 9.9 · AI score 7 · EPSS 0.35658
Exploits: 2 · References: 6

Positive Technologies
added 2024/09/18 12:00 a.m. · 6 views

PT-2024-32320 · Unknown · Ruby On Rails +1

Name of the Vulnerable Software and Affected Versions: Camaleon CMS versions prior to 2.8.2. Description: An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS...

CVSS 9.9 · AI score 7.1 · EPSS 0.35658
Exploits: 2 · References: 19

BDU FSTEC
added 2024/09/18 12:00 a.m. · 3 views

A vulnerability in the generate_filename() function of the django.core.files.storage.Storage class in the Django web application framework allows a malicious actor to write arbitrary files.

The vulnerability in the generate_filename() function of the django.core.files.storage.Storage class in the Django web application framework is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to write arbitrary file...

CVSS 5.5 · AI score 6.6 · EPSS 0.01008
Exploits: 0 · References: 9 · Affected Software: 2

BDU FSTEC
added 2024/09/18 12:00 a.m. · 4 views

A stack buffer overflow vulnerability in the Adobe After Effects video and dynamic image editing software allows attackers to write arbitrary files to the file system.

The vulnerability in the Adobe After Effects video and dynamic image editing software is a stack buffer overflow. Exploiting this vulnerability allows an attacker to write arbitrary files to the file system using a specially crafted malicious file...

CVSS 5.5 · AI score 5.9 · EPSS 0.00268
Exploits: 0 · References: 2 · Affected Software: 1

RubySec
added 2024/09/18 12:00 a.m. · 26 views

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...

CVSS 9.9 · AI score 8.6 · EPSS 0.35658
Exploits: 2 · References: 1 · Affected Software: 1

CNNVD
added 2024/09/17 12:00 a.m. · 1 view

Apple macOS security vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 13.7, in which unzipping a maliciously crafted archive could allow an attacker to write arbitrary files...

CVSS 8.1 · AI score 6.4 · EPSS 0.00499
Exploits: 1 · References: 7

Positive Technologies
added 2024/09/16 12:00 a.m. · 4 views

PT-2024-22100 · Apple · Visionos +6

Name of the Vulnerable Software and Affected Versions: macOS Ventura versions 13.0 through 13.6; iOS versions 17.0 through 17.6; iPadOS versions 17.0 through 17.6; macOS Sonoma versions 14.0 through 14.6; macOS Sequoia versions 15.0; affected versions not specified for visionOS. Description: A race...

CVSS 8.1 · AI score 5.7 · EPSS 0.00499
Exploits: 1 · References: 47

Positive Technologies
added 2024/09/16 12:00 a.m. · 4 views

PT-2024-31002 · Apple · Macos Sonoma +6

Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.7; visionOS versions prior to 2; iOS versions prior to 18; iPadOS versions prior to 18; macOS Sonoma versions prior to 14.7; macOS Sequoia versions prior to 15. Description: An app may be able to overwrite arbitra...

CVSS 8.1 · AI score 6.2 · EPSS 0.00631
Exploits: 0 · References: 13

Positive Technologies
added 2024/09/14 12:00 a.m. · 4 views

PT-2024-31513

Name of the Vulnerable Software and Affected Versions: BYOB, affected versions not specified. Description: The issue concerns unauthenticated remote code execution on BYOB via arbitrary file write. A research paper was written on this topic, but there was an incident involving the theft of this...

CVSS 7.3 · AI score 7.9 · EPSS 0.03891
Exploits: 3 · References: 11

OSV
added 2024/09/10 4:15 p.m. · 1 view

UBUNTU-CVE-2024-45593

Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...

CVSS 9 · AI score 5.9 · EPSS 0.00566
Exploits: 0 · References: 4

CVE
added 2024/09/10 2:37 p.m. · 71 views

CVE-2024-21753

Fortinet FortiClientEMS is affected by a path traversal vulnerability (CVE-2024-21753) across multiple releases: 1.2.1–1.2.5, 6.0.0–6.0.8, 6.2.0–6.2.9, 6.4.0–6.4.9, 7.0.0–7.0.13, and 7.2.0–7.2.4. The issue stems from improper limitation of a pathname to a restricted directory, allowing a remote a...

CVSS 6 · AI score 7 · EPSS 0.00741
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/09/10 12:00 a.m. · 2 views

PT-2025-3965 · Sante · Sante Pacs Server Dcm

Name of the Vulnerable Software and Affected Versions: Sante PACS Server DCM, affected versions not specified. Description: The issue is a Directory Traversal Arbitrary File Write Vulnerability that allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. No...

CVSS 5.3 · AI score 6.9 · EPSS 0.01749
Exploits: 0 · References: 7

Positive Technologies
added 2024/09/10 12:00 a.m. · 4 views

PT-2025-3964 · Sante · Sante Pacs Server Web Portal Dcm

Name of the Vulnerable Software and Affected Versions: Sante PACS Server Web Portal DCM, affected versions not specified. Description: This issue allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this issue. The...

CVSS 4.3 · AI score 7 · EPSS 0.01505
Exploits: 0 · References: 6