7209 matches found

OpenVAS
added 2024/03/04 12:0 a.m. · 21 views

openSUSE: Security Advisory for sudo (SUSE-SU-2023:0114-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 8.2 AI score · 0.55367 EPSS
Exploits 20 · References 2

Exploit DB
added 2024/03/03 12:0 a.m. · 407 views

GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

7.5 CVSS · 7.6 AI score · 0.46966 EPSS
Exploits 4

Tenable Nessus
added 2024/02/29 12:0 a.m. · 34 views

CentOS 9 : sudo-1.9.5p2-9.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the sudo-1.9.5p2-9.el9 build changelog. - arbitrary file write with privileges of the RunAs user CVE-2023-22809 Note that Nessus has not tested for this issue but has instead relied only on...

7.8 CVSS · 8.2 AI score · 0.55367 EPSS
Exploits 20 · References 2

Tenable Nessus
added 2024/02/29 12:0 a.m. · 16 views

CentOS 9 : libreoffice-7.1.8.1-11.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libreoffice-7.1.8.1-11.el9 build changelog. - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an...

7.8 CVSS · 6.7 AI score · 0.66545 EPSS
Exploits 2 · References 4

Tenable Nessus
added 2024/02/29 12:0 a.m. · 80 views

CentOS 9 : xz-5.2.5-8.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the xz-5.2.5-8.el9 build changelog. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a...

8.8 CVSS · 7 AI score · 0.04301 EPSS
Exploits 0 · References 2

Cvelist
added 2024/02/26 4:29 p.m. · 13 views

CVE-2024-27081 ESPHome remote code execution via arbitrary file write

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...

7.2 CVSS · 7.5 AI score · 0.01535 EPSS
Exploits 1 · References 2

OSV
added 2024/02/26 4:27 p.m. · 1 view

CVE-2023-49960

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...

7.5 CVSS · 5.9 AI score · 0.00664 EPSS
Exploits 0 · References 2

CNNVD
added 2024/02/26 12:0 a.m. · 3 views

Indu-Sol PROFINET-INspektor NT Security Vulnerability

The Indu-Sol PROFINET-INspektor NT is an analysis and test set for PROFINET communication verification, acceptance, quality checking and monitoring from Indu-Sol, Germany. A security vulnerability exists in Indu-Sol PROFINET-INspektor NT version 2.4.0 and earlier, which stems from a path traversa...

7.5 CVSS · 7 AI score · 0.00664 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/02/26 12:0 a.m. · 3 views

PT-2024-13842 · Indo Sol · Indo-Sol Profinet-Inspektor Nt

Name of the Vulnerable Software and Affected Versions: Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier Description: A path traversal issue in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the...

7.5 CVSS · 7.6 AI score · 0.00664 EPSS
Exploits 0 · References 4

Amazon
added 2024/02/20 12:0 a.m. · 2 views

Important: atril

Issue Overview: Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem ...

8.5 CVSS · 7.2 AI score · 0.01016 EPSS
Exploits 2

Tenable Nessus
added 2024/02/20 12:0 a.m. · 20 views

Amazon Linux 2 : atril (ALASMATE-DESKTOP1.X-2024-006)

The version of atril installed on the remote host is prior to 1.20.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-006 advisory. Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and...

8.5 CVSS · 8.2 AI score · 0.01016 EPSS
Exploits 2 · References 4

Veracode
added 2024/02/13 8:24 p.m. · 19 views

Path Traversal (Zip Slip)

github.com/artdarek/go-unzip is vulnerable to Zip Slip. The vulnerability is due to improper handling of file paths within an archive. An attacker can construct an archive containing files with arbitrary paths which results in arbitrary file write outside of the restricted target directory during...

9.1 CVSS · 6.8 AI score · 0.01249 EPSS
Exploits 1 · References 3 · Affected Software 1

F5 Networks
added 2024/02/12 9:34 p.m. · 58 views

K000138582: TorchServe vulnerability CVE-2023-43654

Security Advisory Description TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage ...

10 CVSS · 9.2 AI score · 0.35256 EPSS
Exploits 6

Veracode
added 2024/02/12 6:54 a.m. · 21 views

Arbitrary File Write

github.com/hashicorp/nomad is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of symlinks by the template renderer. The attacker can manipulate file paths and write arbitrary files to the host system...

7.7 CVSS · 6.9 AI score · 0.00617 EPSS
Exploits 0 · References 5 · Affected Software 1

GitHub Security Blog
added 2024/02/08 9:30 p.m. · 15 views

HashiCorp Nomad vulnerable to symlink attacks

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14...

7.7 CVSS · 7.2 AI score · 0.00617 EPSS
Exploits 0 · References 7 · Affected Software 1

NVD
added 2024/02/08 8:15 p.m. · 15 views

CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

7.7 CVSS · 7.5 AI score · 0.00617 EPSS
Exploits 0 · References 1

OSV
added 2024/02/08 8:15 p.m. · 13 views

CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

7.5 CVSS · 7.3 AI score
Exploits 0 · References 1

UbuntuCve
added 2024/02/08 8:15 p.m. · 21 views

CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

7.7 CVSS · 7.1 AI score · 0.00617 EPSS
Exploits 0 · References 2

Prion
added 2024/02/08 8:15 p.m. · 10 views

Design/Logic Flaw

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14...

5 CVSS · 7.5 AI score · 0.00617 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/02/08 8:15 p.m. · 1 view

UBUNTU-CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

7.7 CVSS · 5.8 AI score · 0.00617 EPSS
Exploits 0 · References 3