EulerOS 2.0 SP11 : git (EulerOS-SA-2024-2098)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be...
CVE-2024-27311 Arbitrary file writing
Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to a directory traversal vulnerability that allows the user to upload new files to the server folder...
RHEL 4 : php (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: paths with NULL character were considered valid CVE-2006-7243 - php: XSLT file writing vulnerability...
CVE-2024-3584 Path Traversal in qdrant/qdrant
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/name/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...
CVE-2024-33615 CyberPower PowerPanel business Relative Path Traversal
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution...
CVE-2024-33615
CVE-2024-33615 affects CyberPower PowerPanel Business (PowerPanel business) up to version 4.9.0. A specially crafted ZIP containing path traversal characters can be imported to the server, enabling writing files outside the intended scope and potentially remote code execution. Remediation: CyberP...
CVE-2024-31460
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the create_all_header_nodes function from lib/api_automation.php, finally resulti...
1Panel command injection vulnerability
1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. A command injection vulnerability exists in versions prior to 1Panel v1.10.3-lts. The vulnerability stems from the presence of a command injection issue that can lead to arbitrary file writing...
CVE-2024-31460 Cacti SQL Injection vulnerability in lib/api_automation.php caused by reading dirty data stored in database
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the create_all_header_nodes function from lib/api_automation.php, finally resulti...
CVE-2024-31460
CVE-2024-31460 is a SQL injection in Cacti prior to 1.2.27, caused by unsafely concatenating SQL in automation_tree_rules.php data used by create_all_header_nodes. The vulnerability may enable modification of the Cacti database and, as described, could lead to arbitrary file reading and even remo...
Delta Electronics DIAEnergie Path Traversal Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A path traversal vulnerability exists in Delta Electronics DIAEnergie, which can be exploited by an attacker to write an arbitrary file on the system by sending a specially crafted URL...
CVE-2024-1511
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...
Delta Electronics DIAEnergie path traversal vulnerability (CNVD-2025-06625)
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...
BIT-POSTGRESQL-JDBC-DRIVER-2022-26520
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
A vulnerability in the firmware used in Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC controllers allows attackers to disclose protected information or execute arbitrary files.
The vulnerability in the firmware used in Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC exists due to an incorrect limitation of the path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...
CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives
stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...