Rocky Linux 9 : gzip (RLSA-2022:4582)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4582 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVE-2023-30723

CVE-2023-30723 affects Samsung Health prior to version 6.24.2.011. The vulnerability arises from improper input validation, enabling attackers to write arbitrary files with Samsung Health privileges. Affected software: Samsung Health (Samsung). Root cause: input validation flaw. Impact: potential...

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

MyBB Security Vulnerabilities

MyBB MyBulletinBoard is a free and web-based forum software developed by MYBB team using PHP and MySQL. The software is easy to use, supports multiple languages, scalable and so on. A security vulnerability exists in MyBB that originates from allowing attackers to perform Remote Code Execution RC...

CVE-2023-3252

CVE-2023-3252 affects Tenable Nessus prior to 10.5.5, where an authenticated, remote attacker with administrator privileges could modify logging variables to write arbitrary files on the remote host, causing a denial of service. The vulnerability is addressed in Nessus 10.5.5 (per TNS-2023-31). R...

Remote code execution

Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution...

CVE-2023-20890

VMware Aria Operations for Networks is affected by CVE-2023-20890, an arbitrary file write vulnerability that authenticated administrators can abuse to write files to arbitrary locations and achieve remote code execution. Nessus plugin confirms multiple affected 6.x versions; VMware has released ...

SUSE-RU-2023:3370-1 Recommended update for rsync

This update for rsync fixes the following issues: - Update to version 3.2.3 jscSLE-21252, jscPED-3146 - Add support for using --atimes to preserve atime of files in destination sync jscPED-3145 - Remove SuSEfirewall2 service as this was replaced by firewalld which already provides a rsyncd servic...

CVE-2023-39966

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the...

Ivanti patches second zero-day vulnerability being used in attacks

Ivanti has issued a patch to address a second critical zero-day vulnerability that is under active attack. The vulnerability is said to be used in combination with the first vulnerability we discussed some days ago. The Cybersecurity and Infrastructure Security Agency CISA has added the new...

Ivanti Endpoint Manager Mobile < 11.8.1.2 / 11.9.x < 11.9.1.2 / 11.10.x < 11.10.0.3 Arbitrary File Write (CVE-2023-35081)

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is 11.8.1.2, 11.9.x 11.9.1.2, or 11.10.x 11.10.0.3. It is, therefore, affected by an authenticated arbitrary file write vulnerability. Note that Nessus has not tested for these issues but has inste...

CVE-2022-36327

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk i...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Code Dx Plugin CVE-2023-2195,...

CVE-2023-31473

Summary: CVE-2023-31473 affects GL.iNet devices prior to v3.216. A command-injection flaw with a filter allows an attacker to cause opkg to read an arbitrary file name as root, enabling arbitrary file write anywhere on the filesystem. This is possible through the software installation feature, wi...

CVE-2023-31472

GL.iNet devices prior to 3.216 are affected by a command-injection–driven arbitrary file-write vulnerability that allows creating empty files anywhere on the filesystem. Root cause: an input filter failure enables unintended file writes via a crafted command. Impact: potential unauthorized file c...

Security update for stellarium (important)

openSUSE Security Update: Security update for stellarium Announcement ID: openSUSE-SU-2023:0097-1 Rating: important References: 1209285 Cross-References: CVE-2023-28371 CVSS scores: CVE-2023-28371 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15...

Amazon Linux 2023 : xz, xz-devel, xz-libs (ALAS2023-2023-042)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-042 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's...