Flaskcode Security Vulnerability

Flaskcode is a web-based code editor on the Python Flask framework. A security vulnerability exists in Flaskcode 0.0.8 and earlier versions, which stems from a directory traversal vulnerability that could allow an unauthenticated attacker to write to arbitrary files...

PT-2024-14506 · Flaskcode · Flaskcode

Name of the Vulnerable Software and Affected Versions: flaskcode versions through 0.0.8 Description: An issue was discovered that allows for unauthenticated directory traversal, which can be exploited with a POST request to the "/update-resource-data/" API endpoint. This enables attackers to writ...

PT-2024-2987 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 776 Description: The issue is related to a Path Traversal vulnerability, which allows an attacker to change directories, create files, and download them outside the allowed directories. This can potentially...

Exploit for Path Traversal in Apktool

MobSF Remote code execution via CVE-2024-21633 I have found...

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file...

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file...

CVE-2024-20805

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file...

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file...

SAMSUNG mobile devices path traversal vulnerability

SAMSUNG mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from South Korea's Samsung SAMSUNG. A path traversal vulnerability exists in SAMSUNG mobile devices SMR Jan-2024 Release 1 version and earlier versions, which stems from a path traversal...

CVE-2023-50090

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...

CVE-2023-50090

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...

Design/Logic Flaw

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...

DEBIAN-CVE-2024-21633

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...

CVE-2024-21633 Arbitrary file write on Decoding

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...

CVE-2024-21633 Arbitrary file write on Decoding

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are...

CVE-2023-50090

Affected product: ureport2, version 2.2.9 and earlier. Vulnerability: Arbitrary File Write in the saveReportFile method, exploitable via crafted POST requests; enables writing arbitrary files and running arbitrary commands. Impact: high confidentiality, integrity, and availability risks; CVSS v3....

CVE-2023-50090

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...

PT-2024-1051 · Apktool +1 · Apktool +1

Name of the Vulnerable Software and Affected Versions: Apktool versions 2.9.1 and prior Description: The issue is related to incorrect restriction of the directory path name with limited access. An attacker can exploit this to write or overwrite arbitrary data. Apktool infers resource files' outp...

CVE-2023-50090

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...

PT-2024-13856 · Ureport2 · Ureport2

Name of the Vulnerable Software and Affected Versions: ureport2 versions 2.2.9 and before Description: The issue allows attackers to write arbitrary files and run arbitrary commands via a crafted POST request. This is due to an Arbitrary File Write vulnerability in the saveReportFile method...