7211 matches found

CVE
added 2024/04/03 12:0 a.m. · 57 views

CVE-2024-31011

CVE-2024-31011 affects beescms v4.0, where an Arbitrary file write vulnerability exists in admin_template.php due to a file path that was not isolated and an unverified suffix. This allows a remote attacker to write arbitrary files and, as described, execute arbitrary code. The impact is consiste...

CVSS 9.8 · AI score 7.8 · EPSS 0.0123
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2024/04/03 12:0 a.m. · 4 views

PT-2024-19257 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 19.00.0057 Description: A file write issue exists in the OAS Engine Save Security Configuration functionality. This can be triggered by a specially crafted series of network requests, leading to...

CVSS 4.9 · AI score 7.1 · EPSS 0.00662
Exploits 1 · References 3
Talos
added 2024/04/03 12:0 a.m. · 39 views

Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1950 Open Automation Software OAS Platform OAS Engine Tags Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-21870 SUMMARY A file write vulnerability exists in the OAS Engine Tags Configuration functionality of Open Automation Software...

CVSS 4.9 · AI score 5.5 · EPSS 0.00662
Exploits 1
Talos
added 2024/04/03 12:0 a.m. · 30 views

Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability

Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...

CVSS 4.9 · AI score 5.4 · EPSS 0.00662
Exploits 1
Vulnrichment
added 2024/04/03 12:0 a.m. · 11 views

CVE-2024-31011

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admintemplate.php...

AI score 8.1 · EPSS 0.0123
Exploits 1 · References 1
OSV
added 2024/04/02 3:15 a.m. · 1 view

CVE-2024-20853

Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore...

CVSS 5.1 · AI score 5.9 · EPSS 0.00152
Exploits 0 · References 1
Positive Technologies
added 2024/04/02 12:0 a.m. · 4 views

PT-2024-23724 · Beescms · Beescms

Name of the Vulnerable Software and Affected Versions: beescms version 4.0 Description: The issue allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin template.php. This is an arbitrary file write vulnerability...

CVSS 9.8 · AI score 8.1 · EPSS 0.0123
Exploits 1 · References 7
BDU FSTEC
added 2024/04/01 12:0 a.m. · 5 views

Vulnerability in the Engrampa archiver, related to improper limitation of a pathname to a restricted directory, allows attackers to upload files to any location within the system.

The vulnerability of Engrampa archiver lies in the lack of checks for the location of symbolic links, which allows arbitrary writing of files to unintended locations. Exploiting this vulnerability could enable a malicious actor to upload files to arbitrary locations within the system...

CVSS 10 · AI score 7.8 · EPSS 0.01652
Exploits 1 · References 4 · Affected Software 2
OSV
added 2024/03/31 6:17 p.m. · 17 views

BIT-ARTIFACTORY-2023-42661

JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts...

CVSS 8.8 · AI score 7.6 · EPSS 0.00876
Exploits 0 · References 2
CNNVD
added 2024/03/31 12:0 a.m. · 4 views

Ivanti ITSM Code Issue Vulnerability

Ivanti ITSM is an IT service management solution from Ivanti Corporation, USA. A security vulnerability exists in Ivanti ITSM versions prior to 2023.4. An attacker exploited the vulnerability to perform a file write operation to the server...

CVSS 9.9 · AI score 9.3 · EPSS 0.02001
Exploits 0 · References 2
Tenable Nessus
added 2024/03/30 12:0 a.m. · 23 views

Fedora 39 : ghc-base64 / ghc-hakyll / ghc-isocline / ghc-toml-parser / gitit / etc (2024-b458482d48)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-b458482d48 advisory. Security fix for CVE-2023-35936 and CVE-2023-38745 pandoc: - backport fixes for CVE-2023-35936 and CVE-2023-38745 pandoc-cli: - new package for pand...

CVSS 6.3 · AI score 6 · EPSS 0.00349
Exploits 1 · References 3
Tenable Nessus
added 2024/03/30 12:0 a.m. · 20 views

Fedora 38 : ghc-base64 / ghc-hakyll / gitit / pandoc / patat (2024-6ad6b9f417)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-6ad6b9f417 advisory. Security fix for CVE-2023-35936 and CVE-2023-38745 - pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745 - base64 now packaged in Fedora...

CVSS 6.3 · AI score 6 · EPSS 0.00349
Exploits 1 · References 3
Malwarebytes
added 2024/03/21 9:22 p.m. · 29 views

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now

Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2...

AI score 8 · EPSS 0.12844
Exploits 0
CISA
added 2024/03/21 12:0 p.m. · 13 views

Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry

Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories a...

CVSS 9.9 · AI score 7.7 · EPSS 0.02001
Exploits 0 · References 2
The Hacker News
added 2024/03/21 3:55 a.m. · 85 views

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An unauthenticated threa...

AI score 7.6 · EPSS 0.12844
Exploits 0
CNNVD
added 2024/03/21 12:0 a.m. · 3 views

Delta Electronics DIAEnergie Path Traversal Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...

CVSS 8.1 · AI score 7 · EPSS 0.00646
Exploits 0 · References 3
Positive Technologies
added 2024/03/21 12:0 a.m. · 4 views

PT-2024-22138 · Grav · Grav

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.45 Description: A file upload path traversal vulnerability has been identified in Grav, an open-source, flat-file content management system. This vulnerability enables attackers to replace or create files with...

CVSS 8.8 · AI score 7.7 · EPSS 0.60585
Exploits 1 · References 13
Ivanti
added 2024/03/20 2:26 a.m. · 12 views

SA: CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for ITSM

Last Modified Date 4-Apr-2024 16:10:39...

CVSS 9.9 · AI score 7.5 · EPSS 0.02001
Exploits 0
Vulnrichment
added 2024/03/18 11:43 a.m. · 33 views

CVE-2024-20767 ColdFusion | Improper Access Control (CWE-284)

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interactio...

CVSS 7.4 · AI score 7.5 · EPSS 0.98514
Exploits 7 · References 1
OSV
added 2024/03/14 8:37 p.m. · 18 views

GHSA-HH2Q-QV66-JCQG Whoogle Search Path Traversal vulnerability

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVSS 5.3 · AI score 5.2 · EPSS 0.00751
Exploits 1 · References 9