CVE-2024-43373 webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving...

CVE-2024-43373 webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving...

webcrack 安全漏洞

webcrack is a tool for reverse engineering javascript by the individual developer j4k0xb. A security vulnerability exists in webcrack that originates from an arbitrary file write vulnerability in the webcrack module when processing specially crafted malicious code on Windows systems...

GHSA-CCQH-278P-XQ6W webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle

Summary An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path...

Directory Traversal

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal via the process handling file paths. A low-privileged attacker can access sensitive files outside the intended directory by submitting crafted path...

PT-2024-30537 · Webcrack · Webcrack

Name of the Vulnerable Software and Affected Versions: webcrack versions prior to 2.14.1 Description: An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack...

The vulnerability of the administrative interface of the FortiADC application controller allows a perpetrator to gain access to write arbitrary files.

The vulnerability of the FortiADC application delivery controller’s administrative interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain write access to arbitrary files by sending specially crafted HTTP or HTTPS requests...

CVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority...

CVE-2024-30188

File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue...

CVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority...

CVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority...

UBUNTU-CVE-2024-42365

Asterisk is an open source private branch exchange PBX and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. Thi...

GHSA-H7CM-JVPP-69XF Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

GHSA-9F24-JRV4-F8G5 Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

PT-2024-7036 · Spring · Spring Cloud Data Flow

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow versions prior to 2.11.4 Description: A malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to...

Directory Traversal

Overview Csla is a software development framework that helps you build a reusable, maintainable object-oriented business layer for your app. Affected versions of this package are vulnerable to Directory Traversal through the MobileFormatter component. An attacker can execute arbitrary code by...

CVE-2024-39688

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...

CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function

Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...