7195 matches found

Positive Technologies
added 2023/06/14 12:0 a.m. · 4 views

PT-2023-5499 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this, where the target must...

CVSS 7.8 · AI score 7.1 · EPSS 0.0036
Exploits 0 · References 6

Microsoft CVE
added 2023/06/13 7:0 a.m. · 68 views

GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write

...

CVSS 7.5 · AI score 7.8 · EPSS 0.52164
Exploits 0

Tenable Nessus
added 2023/06/07 12:0 a.m. · 9 views

CKAN 2.10.x < 2.10.1 Multiples Vulnerabilities

According to its self-reported version number, the CKAN application running on the remote host is prior to 2.9.9 or 2.10.x prior to 2.10.1. It is, therefore, affected by multiple vulnerabilities: - An Arbitrary File Write in resource_create and package_update actions, using the ResourceUploader...

CVSS 9.8 · AI score 8.1 · EPSS 0.01684
Exploits 0 · References 2

Tenable Nessus
added 2023/06/07 12:0 a.m. · 14 views

CKAN < 2.9.9 Multiples Vulnerabilities

According to its self-reported version number, the CKAN application running on the remote host is prior to 2.9.9 or 2.10.x prior to 2.10.1. It is, therefore, affected by multiple vulnerabilities: - An Arbitrary File Write in resource_create and package_update actions, using the ResourceUploader...

CVSS 9.8 · AI score 8.1 · EPSS 0.01684
Exploits 0 · References 2

OSV
added 2023/06/03 11:5 a.m. · 1 views

OESA-2023-1300 cpio security update

Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197...

CVSS 1.9 · AI score 6.7 · EPSS 0.02906
Exploits 4 · References 2

Cvelist
added 2023/05/30 6:33 p.m. · 18 views

CVE-2023-32696 Excessive permissions for ckan user

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...

CVSS 8.8 · AI score 9.3 · EPSS 0.00794
Exploits 0 · References 2

Veracode
added 2023/05/30 12:42 p.m. · 20 views

Arbitrary File Write

Jenkins Pipeline Utility Steps Plugin is vulnerable to Arbitrary File Write. The vulnerability exists due to not validating file paths of files contained within archives which allows an attacker to provide crafted archives as parameters to create or replace arbitrary files on the file system...

CVSS 8.8 · AI score 6.8 · EPSS 0.01016
Exploits 0 · References 3 · Affected Software 2

CNNVD
added 2023/05/30 12:0 a.m. · 3 views

CKAN Security Vulnerability

CKAN is an open source Dms data management system. It is used to power data centers and data portals. CKAN has a security vulnerability that stems from the presence of an arbitrary file write error that can lead to code execution or elevation of privilege...

CVSS 8.8 · AI score 8.5 · EPSS 0.00794
Exploits 0 · References 3

Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-15387 · Foxit · Fox-It Datadiode

Name of the Vulnerable Software and Affected Versions: Fox-IT DataDiode aka Fox DataDiode version 3.4.3. Description: The issue is a path traversal vulnerability that allows for arbitrary writing of files. A remote attacker could exploit this to achieve arbitrary code execution in the context of t...

CVSS 9.8 · AI score 8 · EPSS 0.01302
Exploits 0 · References 4

Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-23970 · Ckan · Ckan

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.9.9; CKAN versions prior to 2.10.1. Description: CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user, equivalent to www-data, owned co...

CVSS 8.8 · AI score 9.1 · EPSS 0.00794
Exploits 0 · References 6

NVD
added 2023/05/26 11:15 p.m. · 11 views

CVE-2023-32321

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also...

CVSS 9.8 · AI score 10 · EPSS 0.01684
Exploits 0 · References 2

NVD
added 2023/05/26 11:15 p.m. · 12 views

CVE-2023-32317

Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...

CVSS 7.2 · AI score 6.6 · EPSS 0.00887
Exploits 0 · References 3

Prion
added 2023/05/26 11:15 p.m. · 19 views

Code injection

Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...

CVSS 5.8 · AI score 6.9 · EPSS 0.00887
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/05/26 11:15 p.m. · 18 views

Remote code execution

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also...

CVSS 7.5 · AI score 10 · EPSS 0.01684
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/05/26 10:57 p.m. · 6 views

CVE-2023-32321 CKAN remote code execution and private information access via crafted resource ids

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also...

CVSS 9.8 · AI score 10 · EPSS 0.01684
Exploits 0 · References 2

Cvelist
added 2023/05/26 10:57 p.m. · 11 views

CVE-2023-32321 CKAN remote code execution and private information access via crafted resource ids

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also...

CVSS 9.8 · AI score 10 · EPSS 0.01684
Exploits 0 · References 2

CVE
added 2023/05/26 10:57 p.m. · 135 views

CVE-2023-32321

CKAN (open-source data management system) is affected by CVE-2023-32321 with multiple flaws in older CKAN releases up to 2.9.9/2.10.1. The issues include: (1) arbitrary file writes in resource_create and package_update via ResourceUploader, potentially reachable through package_create/revise/patc...

CVSS 9.8 · AI score 10 · EPSS 0.01684
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/05/26 10:42 p.m. · 38 views

CVE-2023-32317

Autolab’s CVE-2023-32317 describes a tar-slip vulnerability in the MOSS cheat checker. An authenticated instructor can upload a crafted tar file via either the Base File Tar or Additional file archive inputs, causing expansion of archive contents to attacker-controlled paths (e.g., ../../../../tm...

CVSS 7.2 · AI score 6.7 · EPSS 0.00887
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/05/26 10:42 p.m. · 26 views

CVE-2023-32317 Autolab tar slip in cheat checker functionality (`GHSL-2023-082`)

Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...

CVSS 6.7 · AI score 7.1 · EPSS 0.00887
Exploits 0 · References 3

Vulnrichment
added 2023/05/25 6:38 p.m. · 12 views

CVE-2023-26216 TIBCO EBX Add-ons Arbitrary File Write

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below...

CVSS 9.1 · AI score 6.8 · EPSS 0.00755
Exploits 0 · References 1