7213 matches found
GHSA-CXWW-7G56-2VH6 @actions/download-artifact has an Arbitrary File Write via artifact extraction
Impact Versions of actions/download-artifact before 4.1.3 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 4.1.3 or higher. Alternatively use 'v4' tag which points to the lates...
@actions/download-artifact has an Arbitrary File Write via artifact extraction
Impact Versions of actions/download-artifact before 4.1.3 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 4.1.3 or higher. Alternatively use 'v4' tag which points to the lates...
GHSA-6Q32-HQ47-5QQ3 @actions/artifact has an Arbitrary File Write via artifact extraction
Impact Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 2.1.7 or...
@actions/artifact has an Arbitrary File Write via artifact extraction
Impact Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 2.1.7 or...
@actions/artifact has an Arbitrary File Write via artifact extraction
Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames...
CVE-2024-42471
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...
CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...
CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...
CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...
CVE-2024-42471
CVE-2024-42471 affects the GitHub Toolkit component actions/artifact (2.x) prior to 2.1.2 , where extracting artifacts with path traversal filenames via downloadArtifactInternal , downloadArtifactPublic , or streamExtractExternal can cause an arbitrary file write. Affected advisories also referen...
PT-2024-29968 · Github · Actions/Artifact
Name of the Vulnerable Software and Affected Versions: actions/artifact versions 2.0.0 through 2.1.1 actions/artifact versions 2.1.2 through 2.1.6 Description: The issue concerns arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for...
Microsoft Exchange ProxyLogon Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Scanner', 'Description' = %q This module scan for a vulnerability on Microsoft Exchange Serve...
Exploit for Improper Input Validation in Cacti
CVE-2024-25641 - Cacti 1.2.26 - Arbitrary file write to RCE 🌵...
Exploit for Improper Input Validation in Cacti
CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 Fully auto...
GHSA-6JRJ-VC65-C983 unzip-stream allows Arbitrary File Write via artifact extraction
Impact When using the Extract method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to. Patches Fixed in 0.3.2 References - https://snyk.io/research/zip-slip-vulnerability - https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2 Credits Justin Taf...
nodejs: fs.fchown/fchmod bypasses permission model
A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner...
CVE-2024-45256
An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...
CVE-2024-45256
An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...
CVE-2024-45256
An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...
CVE-2024-45256
An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...