
7211 matches found

CNNVD
added 2024/05/27 12:0 a.m. · 4 views

Meshery Security Vulnerability

Meshery is a software application: a multi-service grid management plane that provides lifecycle, configuration and performance management of service grids and their workloads. A security vulnerability exists in Meshery versions prior to 0.7.22, which stems from the presence of a SQL injection...

CVSS 8.1 · AI score 6.5 · EPSS 0.01552
Exploits: 1 · References: 7

NVD
added 2024/05/23 12:15 p.m. · 16 views

CVE-2024-34060

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 · AI score 9.2 · EPSS 0.01005
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/23 12:1 p.m. · 37 views

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 · AI score 8.1 · EPSS 0.01005
Exploits: 0 · References: 2

Cvelist
added 2024/05/23 12:1 p.m. · 35 views

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 · AI score 9.2 · EPSS 0.01005
Exploits: 0 · References: 2

CVE
added 2024/05/23 12:1 p.m. · 104 views

CVE-2024-34060

CVE-2024-34060 affects IrisEVTXModule, an interface plugin used with Evtx2Splunk and Iris to ingest Microsoft EVTX logs via the iris-web pipeline. The vulnerability arises from unsafe handling of EVTX filenames during upload, enabling Arbitrary File Write and potentially remote code execution (RC...

CVSS 8.8 · AI score 9.2 · EPSS 0.01005
Exploits: 0 · References: 2

OSV
added 2024/05/23 12:1 p.m. · 22 views

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 · AI score 8.2 · EPSS 0.01005
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/23 12:0 a.m. · 5 views

PT-2024-26363 · Meshery · Meshery

Name of the Vulnerable Software and Affected Versions: Meshery versions prior to 0.7.22
Description: A SQL injection vulnerability may lead to arbitrary file write by using a SQL injection stacked queries payload, and the ATTACH DATABASE command. Attackers may be able to access and modify any dat...

CVSS 6.1 · AI score 7.5 · EPSS 0.01552
Exploits: 1 · References: 13

Positive Technologies
added 2024/05/23 12:0 a.m. · 6 views

PT-2024-4070 · Unknown · Spring Cloud Data Flow

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow affected versions not specified
Description: The issue is related to improper sanitization for upload paths in the Skipper server, allowing a malicious user with access to the server API to write arbitrary files to any...

CVSS 8.8 · AI score 7.1 · EPSS 0.17537
Exploits: 1 · References: 26

Positive Technologies
added 2024/05/23 12:0 a.m. · 3 views

PT-2024-26362 · Meshery · Meshery

Name of the Vulnerable Software and Affected Versions: Meshery versions prior to 0.7.22
Description: A SQL injection issue may lead to arbitrary file write by using a SQL injection stacked queries payload and the ATTACH DATABASE command. Attackers may be able to access and modify any data stored ...

CVSS 6 · AI score 7.6 · EPSS 0.01596
Exploits: 1 · References: 14

CNNVD
added 2024/05/23 12:0 a.m. · 5 views

IrisEVTXModule Security Vulnerability

IrisEVTXModule is a DFIR-IRIS open source interface module for extracting Microsoft EVTX log files. A security vulnerability exists in IrisEVTXModule versions prior to 1.0.0, which stems from the presence of an arbitrary file write issue that could lead to remote code execution (RCE)...

CVSS 8.8 · AI score 7.8 · EPSS 0.01005
Exploits: 0 · References: 3

Oracle linux
added 2024/05/23 12:0 a.m. · 50 views

libreoffice security fix update

1:5.3.6.1-26.0.1 - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' 1:5.3.6.1-26 - Fix CVE-2022-38745 Empty entry in Java class path - Fix CVE-2023-09...

CVSS 8.8 · AI score 7 · EPSS 0.66545
Exploits: 0

Tenable Nessus
added 2024/05/21 12:0 a.m. · 16 views

Palo Alto PAN-OS GlobalProtect Remote Code Execution

Palo Alto PAN-OS versions 11.1.x 11.1.0-h3 / 11.1.1-h1 / 11.1.2-h3, 11.0.x 11.0.0-h3 / 11.0.1-h4 / 11.0.2-h4 / 11.0.3-h10 / 11.0.4-h1, 10.2.x 10.2.0-h3 / 10.2.1-h2 / 10.2.2-h5 / 10.2.3-h13 / 10.2.4-h16 / 10.2.5-h6 / 10.2.6-h3 / 10.2.7-h8 / 10.2.8-h3 / 10.2.9-h1 suffer from an arbitrary file write...

CVSS 10 · AI score 8.3 · EPSS 0.99999
Exploits: 43 · References: 3

CNNVD
added 2024/05/21 12:0 a.m. · 2 views

ZkTeco OEM Path Traversal Vulnerability

ZkTeco OEM is an intelligent system from the Chinese company ZkTeco. A path traversal vulnerability exists in ZkTeco OEM that originates from allowing an attacker to write to any file on the system with root privileges. The following products and versions are affected: ZkTeco ProFace X, Smartec...

CVSS 10 · AI score 7.1 · EPSS 0.00924
Exploits: 0 · References: 2

CVE
added 2024/05/18 10:2 p.m. · 98 views

CVE-2024-28064

Kiteworks Totemomail 7.x–8.2.1 is vulnerable to directory traversal via the /responsiveUI/EnvelopeOpenServlet endpoint using the messageId parameter, enabling unauthenticated read, delete, and write operations. Root cause involves directory traversal in the EnvelopeOpenServlet handling of message...

CVSS 9.8 · AI score 7.3 · EPSS 0.00856
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/18 10:2 p.m. · 10 views

CVE-2024-28064

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations with displayLoginChunkedImages and write operations with storeLoginChunkedImages...

AI score 7.1 · EPSS 0.00856
Exploits: 0 · References: 1

Cisco
added 2024/05/15 4:0 p.m. · 47 views

ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section of...

CVSS 7.8 · AI score 7.7 · EPSS 0.00342
Exploits: 0 · References: 1

SUSE CVE
added 2024/05/15 2:32 a.m. · 4 views

SUSE CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

CVSS 7.2 · AI score 7.7 · EPSS 0.86303
Exploits: 17 · References: 5

Github Security Blog
added 2024/05/14 9:34 p.m. · 21 views

dotmesh arbitrary file read and/or write

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...

CVSS 8.1 · AI score 6.3 · EPSS 0.00441
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2024/05/14 9:15 p.m. · 10 views

CVE-2020-26312

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...

CVSS 8.1 · AI score 7.8 · EPSS 0.00441
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/14 8:22 p.m. · 12 views

CVE-2020-26312 GHSL-2020-254: Arbitrary file read and/or write in dotmesh

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...

CVSS 8.1 · AI score 6.6 · EPSS 0.00441
Exploits: 0 · References: 2