PT-2025-3965 · Sante · Sante Pacs Server Dcm

Name of the Vulnerable Software and Affected Versions: Sante PACS Server DCM affected versions not specified Description: The issue is a Directory Traversal Arbitrary File Write Vulnerability that allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. No...

PT-2025-3964 · Sante · Sante Pacs Server Web Portal Dcm

Name of the Vulnerable Software and Affected Versions: Sante PACS Server Web Portal DCM affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this issue. The...

[SECURITY] [DLA 3884-1] cacti security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3884-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 09, 2024 https://wiki.debian.org/LTS -...

AZL-48849 CVE-2024-36137 affecting package nodejs 20.14.0-13

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

@actions/download-artifact has an Arbitrary File Write via artifact extraction

Impact Versions of actions/download-artifact before 4.1.3 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 4.1.3 or higher. Alternatively use 'v4' tag which points to the lates...

GHSA-CXWW-7G56-2VH6 @actions/download-artifact has an Arbitrary File Write via artifact extraction

Impact Versions of actions/download-artifact before 4.1.3 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 4.1.3 or higher. Alternatively use 'v4' tag which points to the lates...

@actions/artifact has an Arbitrary File Write via artifact extraction

Impact Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 2.1.7 or...

GHSA-6Q32-HQ47-5QQ3 @actions/artifact has an Arbitrary File Write via artifact extraction

Impact Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 2.1.7 or...

@actions/artifact has an Arbitrary File Write via artifact extraction

Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames...

CVE-2024-42471

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

CVE-2024-42471

CVE-2024-42471 affects the GitHub Toolkit component actions/artifact (2.x) prior to 2.1.2 , where extracting artifacts with path traversal filenames via downloadArtifactInternal , downloadArtifactPublic , or streamExtractExternal can cause an arbitrary file write. Affected advisories also referen...

CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

PT-2024-29968 · Github · Actions/Artifact

Name of the Vulnerable Software and Affected Versions: actions/artifact versions 2.0.0 through 2.1.1 actions/artifact versions 2.1.2 through 2.1.6 Description: The issue concerns arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for...

Microsoft Exchange ProxyLogon Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Scanner', 'Description' = %q This module scan for a vulnerability on Microsoft Exchange Serve...

Exploit for Improper Input Validation in Cacti

CVE-2024-25641 - Cacti 1.2.26 - Arbitrary file write to RCE 🌵...

Exploit for Improper Input Validation in Cacti

CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 Fully auto...

GHSA-6JRJ-VC65-C983 unzip-stream allows Arbitrary File Write via artifact extraction

Impact When using the Extract method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to. Patches Fixed in 0.3.2 References - https://snyk.io/research/zip-slip-vulnerability - https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2 Credits Justin Taf...

nodejs: fs.fchown/fchmod bypasses permission model

A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner...