SUSE CVE-2020-10696

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

SUSE CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via uploadlogdata...

SUSE CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

SUSE CVE-2022-22995

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code...

SUSE CVE-2022-26520

In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...

SUSE CVE-2022-44900

A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...

CVE-2023-24804

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...

Path traversal

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...

CVE-2023-24804 ownCloud Android app vulnerable to Path Traversal

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...

CVE-2023-24804 ownCloud Android app vulnerable to Path Traversal

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...

CVE-2023-24804

Summary: The ownCloud Android app (prior to v3.0) has an incomplete fix for a path traversal issue, with two bypass methods that can disclose information when uploading internal files and allow arbitrary file writes for plain text uploads (limited by .txt). Version 3.0 fixes these bypasses. Impac...

CVE-2023-24804 ownCloud Android app vulnerable to Path Traversal

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...

PT-2023-19788 · Owncloud · Owncloud Android App

Name of the Vulnerable Software and Affected Versions: ownCloud Android app versions prior to 3.0 Description: The ownCloud Android app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. These bypasses may lead to information disclosure when uploading the...

Arbitrary File Write

github.com/openshift/source-to-image is vulnerable to Arbitrary File Write. The vulnerability exists due to the improper input validation in tar.go, which allows an attacker to overwrite files outside of the working directory via a Zip Slip...

CVE-2023-0745

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

CVE-2023-0745 Arbitrary File Write in High Availability Backup Upload

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

CVE-2023-0745

CVE-2023-0745 affects YugabyteDB Anywhere (versions 2.0.0.0–2.13.0.0). The issue is in the backup upload endpoint via path traversal in the PlatformReplicationManager.Java program, allowing arbitrary file writes and impacting confidentiality, integrity, and availability. The connected sources con...

CVE-2023-0745 Arbitrary File Write in High Availability Backup Upload

The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary files through the backup upload endpoint by using path traversal characters. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects YugabyteDB Anywhere: from...

CVE-2023-21445

CVE-2023-21445 concerns an improper access control vulnerability in Samsung MyFiles. Affected platforms include Android R (11) versions prior to 12.2.09, Android S (12) prior to 13.1.03.501, and Android T (13) prior to 14.1.00.422. The flaw allows a local attacker to write a file with MyFiles pri...

Arbitrary File Write

net.mingsoft:ms-mcms is vulnerable to Arbitrary File Write. An authenticated attacker is able to cause an arbitrary file write via the ms/template/writeFileContent.do component due to unrestricted file upload...