7208 matches found
UReport2 Security Vulnerability
UReport2 is a high-performance pure Java reporting engine based on the Spring architecture. A security vulnerability exists in UReport2 2.2.9 and earlier versions, which stems from an arbitrary file write vulnerability in the saveReportFile method. An attacker can use this vulnerability through a...
Honor FRI-AN00 Security Vulnerability
Honor FRI-AN00 is a smartphone from China-based Honor. The Honor FRI-AN00 suffers from a security vulnerability that stems from a file write vulnerability, successful exploitation of which may lead to information disclosure...
Honor NTH-AN00 Security Breach
The Honor NTH-AN00 Honor 50 is a smartphone from the Chinese company Honor. The Honor NTH-AN00 suffers from a security vulnerability that stems from a file write vulnerability, which can be successfully exploited to cause code execution...
NewStart CGSL MAIN 5.04 : gzip Vulnerability (NS-SA-2023-0103)
The remote NewStart CGSL host, running version MAIN 5.04, has gzip packages installed that are affected by a vulnerability: - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), thi...
NewStart CGSL MAIN 6.06 : gzip Vulnerability (NS-SA-2023-0081)
The remote NewStart CGSL host, running version MAIN 6.06, has gzip packages installed that are affected by a vulnerability: - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), thi...
PYSEC-2023-279
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
Path traversal
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
CVE-2023-50731 MindsDB has arbitrary file write in file.py
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
Arbitrary File Write
mlflow is vulnerable to Arbitrary File Write. The vulnerability is caused by inappropriate path validation in the validatepathissafe function. This allows an attacker to arbitrarily write files to the mlflow serve...
GHSA-WV8Q-4F85-2P8P MLflow Path Traversal Vulnerability
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...
CVE-2023-6976
CVE-2023-6976 is an Arbitrary File Write issue described across multiple sources (NVD, Red Hat, OSV, Veracode, GitHub advisories) affecting the server process’s ability to write files to arbitrary locations on the remote filesystem. Public descriptions consistently state the vulnerability enables...
PT-2023-32832 · Bitnami +4 · Mlflow +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue allows writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. Recommendations: At th...
Arbitrary File Write
mindsdb is vulnerable to Arbitrary File Write. The vulnerability is due to improper filename sanitization within file.py. This issue can be exploited by an attacker to write arbitrary files to the filesystem...
GHSA-J8W6-2R9H-CXHJ GitHub Security Lab (GHSL) Vulnerability Report: Arbitrary write GHSL-2023-182
Impact Issue: Arbitrary file write in file.py GHSL-2023-183 Patches Use mindsdb staging branch or v23.11.4.1...
GitHub Security Lab (GHSL) Vulnerability Report: Arbitrary write GHSL-2023-182
Impact Issue: Arbitrary file write in file.py GHSL-2023-183 Patches Use mindsdb staging branch or v23.11.4.1...
Path Traversal
mlflow is vulnerable to Arbitrary File Write. The vulnerability exists due to the lack of URL path sanitization in the load function of httpdatasetsource.py, allowing an attacker to access files outside the expected directory and download arbitrary files through a malicious URL when loading datase...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow versions prior to 2.9.2, which stems from the ability to write arbitrary files while loading a dataset...
CVE-2023-46455
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...