18 matches found
EUVD-2020-0018
Malware in sbrugna...
EUVD-2021-30834
Malicious code in bioql PyPI...
PT-2025-34199
Name of the Vulnerable Software and Affected Versions: WP Webhooks plugin for WordPress versions up to and including 3.3.5 Description: The WP Webhooks plugin for WordPress is susceptible to arbitrary file copy due to insufficient validation of user-supplied input. This allows unauthenticated...
Cisco Identity Services Engine Security Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco (USA). The platform collects real-time information from the network, users, and devices, and develops and enforces policies to regulate the network. A security vulnerability exists in...
CVE-2025-48889
Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy a...
Gradio Allows Unauthorized File Copy via Path Manipulation
An arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files like /dev/urandom to fill disk space. Description The...
Grunt Security Vulnerability
Grunt is a JavaScript task runner. A security vulnerability exists in Grunt versions prior to 1.5.3, which stems from file.copy being susceptible to TOCTOU. Attackers can exploit this vulnerability to perform arbitrary file writes...
PT-2022-18855 · Jenkins · Jenkins Pipeline: Phoenix Autotest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Phoenix AutoTest Plugin versions 1.3 and earlier Description: The issue allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace...
CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...
Tenable Nessus 8.9.0 - 8.12.0 File Copy Vulnerability (TNS-2020-08) - Windows
Tenable Nessus is prone to a file copy vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:tenable:nessus";...
CVE-2020-5793
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerabili...
CVE-2020-5793
CVE-2020-5793 affects Tenable Nessus (Windows) versions 8.9.0–8.12.0 and Nessus Agent 8.0.0–8.1.0. An authenticated local attacker can copy user-supplied files to a specially crafted path in a named user directory by dropping a malicious file into a system directory. The exploit requires valid Wi...
MGASA-2020-0060 Updated ansible package fixes security vulnerabilities
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
Ansible: malicious code could craft filename in nxos_file_copy module
A vulnerability in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...
CVE-2019-17445
An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations scanning, can be forced to copy files from the filesystem to other locations via Symbolic Link Following...
Fedora 29 : proftpd (2019-82b0f48691)
This update addresses an arbitrary file copy vulnerability in mod_copy in ProFTPD, which allowed for remote code execution and information disclosure without authentication due to not honoring constraints. Upstream bug: http://bugs.proftpd.org/show_bug.cgi?id=4372 Note that Tenable Network Security...
CVE-2016-10785
cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185)...
CVE-2019-12815
Summary: CVE-2019-12815 is a vulnerability in ProFTPD’s mod_copy that allowed unauthenticated remote access to copy arbitrary files due to incomplete CPFR/CPTO permission checks, enabling remote code execution and information disclosure. Affected software: ProFTPD up to 1.3.5b (and related 1.3.5 ...