7205 matches found
CVE-2023-28483
TigerGraph Enterprise 3.7.0 contains a local file-write control bypass in GSQL: queries using UDFs can bypass GSQL.FileOutputPolicy and write to any file location accessible to the admin. This is triggered when GSQL queries include UDFs, allowing writes outside configured policy. Impact is descri...
Authorization
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization...
CVE-2023-39402
CVE-2023-39402 concerns a parameter verification flaw in the installd module that can allow reading and writing of sandbox files without authorization. The vulnerability is described as affecting the installd component, enabling unauthorized access with network attack vector, low attack complexit...
The vulnerability of the Base Internals component in the Google Chrome browser allows a hacker to read and write arbitrary files.
The vulnerability of Google Chrome’s Base Internals component is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to read and write arbitrary files using a specially crafted HTML page...
GHSA-HF7J-XJ3W-87G4 1Panel arbitrary file write vulnerability
Summary An arbitrary file write vulnerability could lead to direct control of the server Details Arbitrary file creation In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering...
1Panel arbitrary file write vulnerability
Summary An arbitrary file write vulnerability could lead to direct control of the server Details Arbitrary file creation In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering...
CVE-2023-39966
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...
Design/Logic Flaw
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...
CVE-2023-39966 1Panel arbitrary file write vulnerability exists in the background
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...
CVE-2023-39966 1Panel arbitrary file write vulnerability exists in the background
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...
CVE-2023-39966 1Panel arbitrary file write vulnerability exists in the background
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...
PT-2023-27178 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions 1.4.3 Description: An arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It that receives JSON data sent by users in the form o...
Missing Authorization
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...
GHSA-GF46-PRM4-56PC PrestaShop SQL manager vulnerability
Impact Remote code execution through SQL injection and arbitrary file write in back office Patches 1.7.8.10 8.0.5 8.1.1 Found by Truff via yeswehack Workarounds none References none...
PrestaShop SQL manager vulnerability
Impact Remote code execution through SQL injection and arbitrary file write in back office Patches 1.7.8.10 8.0.5 8.1.1 Found by Truff via yeswehack Workarounds none References none...
CVE-2023-32781
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...
CVE-2023-37373
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system...
Design/Logic Flaw
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system...
CVE-2023-37373
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system...
CVE-2023-37373
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system...