
7280 matches found

CVE
added 2024/11/18 9:5 a.m. · 67 views

CVE-2024-41973

CVE-2024-41973 enables a low-privileged remote attacker to specify an arbitrary file on the filesystem, which may lead to arbitrary file writes with root privileges. The vulnerability is documented across multiple sources as affecting WAGO devices (e.g., CC100 0751-9x01, Edge Controller 0752-830...

CVSS 8.1 · AI score 8.1 · EPSS 0.00605
Exploits 0 · References 1
Vulnrichment
added 2024/11/18 9:5 a.m. · 10 views

CVE-2024-41973 WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices

A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to arbitrary file writes with root privileges...

CVSS 8.1 · AI score 7.1 · EPSS 0.00605
Exploits 0 · References 1
Cvelist
added 2024/11/18 9:5 a.m. · 15 views

CVE-2024-41973 WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices

A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to arbitrary file writes with root privileges...

CVSS 8.1 · EPSS 0.00605
Exploits 0 · References 1
CNNVD
added 2024/11/18 12:0 a.m. · 5 views

WAGO Multiple Products Security Vulnerability

WAGO PFC100 and others are products of WAGO, Germany. WAGO PFC100 is a programmable logic controller (PLC). WAGO CC100 0751-9x01 is a compact controller. WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in various WAGO products. The vulnerability stems from a...

CVSS 8.1 · AI score 6.8 · EPSS 0.00605
Exploits 0 · References 2
CNNVD
added 2024/11/18 12:0 a.m. · 6 views

MarkUs Code Issue Vulnerability

MarkUs is a Ruby on Rails and React web application from MarkUs open source for submitting and grading student assignments. A code issue vulnerability exists in MarkUs versions prior to v2.4.8, which stems from the presence of an arbitrary file write vulnerability that allows an authenticated use...

CVSS 8.8 · AI score 6.8 · EPSS 0.00696
Exploits 0 · References 2
Positive Technologies
added 2024/11/18 12:0 a.m. · 5 views

PT-2024-34876 · Markus +1 · Markus +1

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8 Description: The issue is related to an arbitrary file write vulnerability in the update/upload/create file methods in Controllers, allowing authenticated instructors to write arbitrary files to any location on...

CVSS 8.8 · AI score 7.7 · EPSS 0.00723
Exploits 0 · References 7
CNNVD
added 2024/11/18 12:0 a.m. · 3 views

MarkUs Code Issue Vulnerability

MarkUs is a Ruby on Rails and React web application from MarkUs open source for submitting and grading student assignments. A code issue vulnerability exists in MarkUs versions prior to v2.4.8 that stems from the presence of an arbitrary file write vulnerability that allows an authenticated...

CVSS 8.8 · AI score 6.8 · EPSS 0.00723
Exploits 0 · References 2
Positive Technologies
added 2024/11/18 12:0 a.m. · 8 views

PT-2024-34663 · Markus · Markus

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8 Description: MarkUs is a web application for the submission and grading of student assignments. An arbitrary file write vulnerability accessible via the update files method of the SubmissionsController allows...

CVSS 7.1 · AI score 7.7 · EPSS 0.00696
Exploits 0 · References 6
Cvelist
added 2024/11/15 3:23 p.m. · 14 views

CVE-2023-20004 Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An...

CVSS 4.4 · EPSS 0.00192
Exploits 0 · References 1
Vulnrichment
added 2024/11/15 3:23 p.m. · 12 views

CVE-2023-20004 Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An...

CVSS 4.4 · AI score 7.3 · EPSS 0.00192
Exploits 0 · References 1
Packet Storm
added 2024/11/14 12:0 a.m. · 435 views

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET[1]. According to the vendor[2], "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...

AI score 7.4
Exploits 0
Packet Storm
added 2024/11/13 12:0 a.m. · 311 views

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET[1]. According to the vendor[2], "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...

AI score 7.4
Exploits 0
Cvelist
added 2024/11/12 3:45 p.m. · 19 views

CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...

CVSS 9 · EPSS 0.0066
Exploits 0 · References 3
OpenVAS
added 2024/11/12 12:0 a.m. · 5 views

Synology DiskStation Manager (DSM) File Write Vulnerability (Synology-SA-24:20) - Remote Known Vulnerable Versions Check

Synology DiskStation Manager (DSM) is prone to a file write vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3 · AI score 6.6 · EPSS 0.00352
Exploits 0 · References 1
OpenVAS
added 2024/11/12 12:0 a.m. · 5 views

Synology DiskStation Manager (DSM) File Write Vulnerability (Synology-SA-24:20) - Unreliable Remote Version Check

Synology DiskStation Manager (DSM) is prone to a file write vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3 · AI score 6.6 · EPSS 0.00352
Exploits 0 · References 1
Cvelist
added 2024/11/11 7:20 p.m. · 19 views

CVE-2024-51748 Remote code execution through language setting in kanboard

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the...

CVSS 9.1 · EPSS 0.0091
Exploits 1 · References 1
OSV
added 2024/11/11 7:20 p.m. · 12 views

CVE-2024-51748 Remote code execution through language setting in kanboard

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the...

CVSS 9.1 · AI score 7.5 · EPSS 0.0091
Exploits 1 · References 3
CVE
added 2024/11/11 7:20 p.m. · 66 views

CVE-2024-51748

CVE-2024-51748: Kanboard prior to 1.2.42 contains a path traversal/authenticated admin vulnerability that lets an attacker place a payload PHP file (translations.php) and, via a crafted sqlite.db, load the file path to achieve remote code execution. This requires the attacker to host/upload the ...

CVSS 9.1 · AI score 9.4 · EPSS 0.0091
Exploits 1 · References 1 · Affected Software 1
Debian CVE
added 2024/11/11 7:20 p.m. · 16 views

CVE-2024-51748

Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary PHP code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting application_language in the...

CVSS 9.1 · AI score 6.5 · EPSS 0.0091
Exploits 1
Huntr
added 2024/11/11 6:4 a.m. · 6 views

Path traversal, lead to arbitrary file write, lead to remote code execution

Description: Anythingllm uses the multer library to handle http multi-part file upload. Anything llm uses the following code to handle non-ascii file names: file.originalname = Buffer.from(file.originalname, "latin1").toString("utf8"); This way of manipulating the filename will lead to path traversal. multer...

CVSS 7.2 · AI score 7.6 · EPSS 0.19777
Exploits 1