7208 matches found
CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing arbitrary files. This has the potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in the pullRemoteCache task and Resolvers.remote; however...
sbt path traversal vulnerability
sbt is a build tool for Scala, Java and more. Versions prior to sbt 1.9.7 contain a security vulnerability that allows attackers to write arbitrary files via specially crafted zip or JAR files...
Exploit for Incorrect Authorization in Vmware Aria_Operations_For_Logs
CVE-2023-34051 CVE-2023-34051 is an authentication bypass tha...
CVE-2023-5642
Advantech R-SeeNet v2.4.23 is affected by CVE-2023-5642. An unauthenticated remote attacker can read from and write to the snmpmon.ini file, which contains sensitive information, enabling information disclosure and potential further compromise. CVSS v3.1 metrics from NVD/Vuln reports indicate CRI...
CVE-2023-45686
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...
Path traversal
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...
CVE-2023-45685 Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal...
CVE-2023-45685
CVE-2023-45685 (and related CVEs 45686–45690) affect South River Technologies Titan MFT and Titan SFTP servers on Windows and Linux. The issues stem from insufficient path validation and path traversal, enabling an authenticated attacker (often with administrative/privileged access) to perform ac...
PT-2023-6213 · South River Technologies · Titan Mft +1
Name of the Vulnerable Software and Affected Versions: South River Technologies' Titan MFT and Titan SFTP servers (affected versions not specified). Description: The issue is related to insufficient path validation when extracting a zip archive, allowing an authenticated attacker to write a file to...
South River Technologies TitanFTP NextGen Path Traversal Vulnerability
South River Technologies Titan FTP NextGen is an SFTP/FTP server with native support for clustering, high availability and failover. A security vulnerability exists in South River Technologies TitanFTP NextGen that stems from insufficient validation of paths...
Exploit for Path Traversal in Fit2Cloud Jumpserver
CVE-2023-42819 CVE-2023-42819 Description of the Vulne...
Arbitrary Code Execution
netatalk is vulnerable to Arbitrary Code Execution. The vulnerability arises from the combination of primitives offered by SMB and AFP in their default configuration, enabling an attacker to inject and execute malicious code, resulting in arbitrary file write...
CVE-2023-43070
Dell SmartFabric Storage Software v1.4 and earlier contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability to modify or write arbitrary files to arbitrary locations in the license container...
Arbitrary File Write
github.com/schollz/croc is vulnerable to Arbitrary File Write through crafted file paths. The vulnerability is due to the Croc protocol, which allows senders to specify an arbitrary path for a file transfer. If the recipient doesn't already have a file with the same name, an attacker can exploit...
Default configuration
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...
CVE-2023-43654 TorchServe Server-Side Request Forgery
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...
CVE-2023-44171
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminsmtp.php...
CVE-2023-44169
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminnotify.php...
CVE-2023-44170
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminping.php...