7273 matches found
PT-2024-13856 · Ureport2 · Ureport2
Name of the Vulnerable Software and Affected Versions: ureport2 versions 2.2.9 and before. Description: The issue allows attackers to write arbitrary files and run arbitrary commands via a crafted POST request. This is due to an Arbitrary File Write vulnerability in the saveReportFile method...
CVE-2023-50090
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request...
PT-2024-1051 · Apktool +1 · Apktool +1
Name of the Vulnerable Software and Affected Versions: Apktool versions 2.9.1 and prior. Description: The issue is related to incorrect restriction of the directory path name with limited access. An attacker can exploit this to write or overwrite arbitrary data. Apktool infers resource files' outp...
CVE-2023-50090
Affected product: ureport2, version 2.2.9 and earlier. Vulnerability: Arbitrary File Write in the saveReportFile method, exploitable via crafted POST requests; enables writing arbitrary files and running arbitrary commands. Impact: high confidentiality, integrity, and availability risks; CVSS v3....
UReport2 Security Vulnerability
UReport2 is a high-performance pure Java reporting engine based on Spring architecture. A security vulnerability exists in UReport2 2.2.9 and earlier versions, which stems from an arbitrary file write vulnerability in the saveReportFile method. An attacker can use this vulnerability through a...
Honor FRI-AN00 Security Vulnerability
Honor FRI-AN00 is a smartphone from China-based Honor. The Honor FRI-AN00 suffers from a security vulnerability that stems from a file write vulnerability, successful exploitation of which may lead to information disclosure...
Honor NTH-AN00 Security Breach
The Honor NTH-AN00 Honor 50 is a smartphone from the Chinese company Honor. The Honor NTH-AN00 suffers from a security vulnerability that stems from a file write vulnerability, which can be successfully exploited to cause code execution...
NewStart CGSL MAIN 5.04 : gzip Vulnerability (NS-SA-2023-0103)
The remote NewStart CGSL host, running version MAIN 5.04, has gzip packages installed that are affected by a vulnerability: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), thi...
NewStart CGSL MAIN 6.06 : gzip Vulnerability (NS-SA-2023-0081)
The remote NewStart CGSL host, running version MAIN 6.06, has gzip packages installed that are affected by a vulnerability: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), thi...
Path traversal
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
PYSEC-2023-279
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
CVE-2023-50731 MindsDB has arbitrary file write in file.py
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
Arbitrary File Write
mlflow is vulnerable to Arbitrary File Write. The vulnerability is caused by inadequate path validation in the validate_path_is_safe function. This allows an attacker to arbitrarily write files to the mlflow serve...
GHSA-WV8Q-4F85-2P8P MLflow Path Traversal Vulnerability
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...
CVE-2023-6976
CVE-2023-6976 is an Arbitrary File Write issue described across multiple sources (NVD, Red Hat, OSV, Veracode, GitHub advisories) affecting the server process’s ability to write files to arbitrary locations on the remote filesystem. Public descriptions consistently state the vulnerability enables...
PT-2023-32832 · Bitnami +4 · Mlflow +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue allows writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. Recommendations: At th...
Arbitrary File Write
mindsdb is vulnerable to Arbitrary File Write. The vulnerability is due to improper filename sanitization within file.py. This issue can be exploited by an attacker to write arbitrary files to the filesystem...
GitHub Security Lab (GHSL) Vulnerability Report: Arbitrary write GHSL-2023-182
Impact: Issue: Arbitrary file write in file.py GHSL-2023-183. Patches: Use mindsdb staging branch or v23.11.4.1...
GHSA-J8W6-2R9H-CXHJ GitHub Security Lab (GHSL) Vulnerability Report: Arbitrary write GHSL-2023-182
Impact: Issue: Arbitrary file write in file.py GHSL-2023-183. Patches: Use mindsdb staging branch or v23.11.4.1...