7279 matches found
CVE-2024-46640
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method...
PT-2024-37863 · Moxa · Mxview One Series +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue occurs when an attacker exploits a race condition between the time a file is checked and the time it is used, known as a...
CVE-2024-46986
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...
CVE-2024-46986
Camaleon CMS (Ruby on Rails) has an authenticated arbitrary file write vulnerability in the MediaController upload flow that lets an attacker write files to arbitrary server paths (depending on filesystem permissions). A crafted payload can place a Ruby file under config/initializers, potentially...
CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...
CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...
CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...
GHSA-WMJG-VQHV-Q5P5 Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...
CamaleonCMS 注入漏洞
CamaleonCMS is an advanced RubyonRails-based dynamic content management system CMS from the CamaleonCMS team. An injection vulnerability exists in CamaleonCMS version 2.8.0, which stems from the presence of an arbitrary file write vulnerability that allows an authenticated user to write arbitrary...
PT-2024-32320 · Unknown · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Camaleon CMS versions prior to 2.8.2 Description: An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS...
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...
The vulnerability of the generate_filename() function in the django.core.files.storage.Storage class of the Django web application framework allows a malicious actor to write arbitrary files.
The vulnerability of the generatefilename function in the django.core.files.storage.Storage class of the Django web application framework is related to an incorrect path name limitation for restricted directories. Exploiting this vulnerability could allow a malicious actor to write arbitrary file...
The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in buffer overflows in the stack, allowing attackers to write arbitrary files to the file system.
The vulnerability of Adobe After Effects video and dynamic image editing software relates to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to write arbitrary files to the file system using a specially created malicious file...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 13.7, which originates from unzipping a maliciously crafted archive could allow an attacker to write arbitrary files...
PT-2024-31002 · Apple · Macos Sonoma +6
Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.7 visionOS versions prior to 2 iOS versions prior to 18 iPadOS versions prior to 18 macOS Sonoma versions prior to 14.7 macOS Sequoia versions prior to 15 Description: An app may be able to overwrite arbitra...
PT-2024-22100 · Apple · Visionos +6
Name of the Vulnerable Software and Affected Versions: macOS Ventura versions 13.0 through 13.6 iOS versions 17.0 through 17.6 iPadOS versions 17.0 through 17.6 macOS Sonoma versions 14.0 through 14.6 macOS Sequoia versions 15.0 affected versions not specified for visionOS Description: A race...
PT-2024-31513
Name of the Vulnerable Software and Affected Versions BYOB affected versions not specified Description The issue concerns unauthenticated remote code execution on BYOB via arbitrary file write. A research paper was written on this topic, but there was an incident involving the theft of this...
UBUNTU-CVE-2024-45593
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root...
CVE-2024-21753
Fortinet FortiClientEMS is affected by a path traversal vulnerability (CVE-2024-21753) across multiple releases: 1.2.1–1.2.5, 6.0.0–6.0.8, 6.2.0–6.2.9, 6.4.0–6.4.9, 7.0.0–7.0.13, and 7.2.0–7.2.4. The issue stems from improper limitation of a pathname to a restricted directory, allowing a remote a...