7267 matches found
PT-2023-9554
Name of the Vulnerable Software and Affected Versions Pandoc versions 1.13 through 3.1.4 Description Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media...
CVE-2023-35946
CVE-2023-35946 is a path-traversal vulnerability in Gradle’s dependency caching. When Gradle writes a dependency into the cache, it uses the dependency coordinates to determine the file path; crafted coordinates can cause writes outside the cache or overwrite other files in the cache. This can en...
PrestaShop Winbiz Payment Improper Limitation
Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory Date: 2023-06-20 Dork: /modules/winbizpayment/downloads/download.php country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Vendor Homepage:...
CVE-2023-30945
Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...
CVE-2023-30945
The CVE-2023-30945 entry concerns Palantir products Clips2, VHS, and VCD (Video History Server, Video Clip Distributor) with an unauthenticated arbitrary file read/write vulnerability caused by missing input validation on filenames. The issue enables reading sensitive filesystem files and writing...
CVE-2023-30945 CVE-2023-30945
Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...
jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin
A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences /../ to create o...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Exploit for Link Following in Microsoft
CVE-2023-29343 This is PoC for arbitrary file write bug in Sy...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin
A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences /../ to create o...
PT-2023-5499 · Pdf Xchange · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this, where the target must...
GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write
...
CKAN < 2.9.9 Multiples Vulnerabilities
According to its self-reported version number, the CKAN application running on the remote host is prior to 2.9.9 or 2.10.x prior to 2.10.1. It is, therefore, affected by multiples vulnerabilities : - An Arbitrary File Write in resourcecreate and packageupdate actions, using the ResourceUploader...
CKAN 2.10.x < 2.10.1 Multiples Vulnerabilities
According to its self-reported version number, the CKAN application running on the remote host is prior to 2.9.9 or 2.10.x prior to 2.10.1. It is, therefore, affected by multiples vulnerabilities : - An Arbitrary File Write in resourcecreate and packageupdate actions, using the ResourceUploader...
OESA-2023-1300 cpio security update
Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.CVE-2015-1197...
CVE-2023-32696 Excessive permissions for ckan user
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...
Arbitrary File Write
Jenkins Pipeline Utility Steps Plugin is vulnerable to Arbitrary File Write. The vulnerability exists due to not validating file paths of files contained within archives which allows an attacker to provide crafted archives as parameters to create or replace arbitrary files on the file system...
CKAN 安全漏洞
CKAN is an open source Dms data management system. It is used to power data centers and data portals. CKAN has a security vulnerability that stems from the presence of an arbitrary file write error that can lead to code execution or elevation of privilege...
PT-2023-23970 · Ckan · Ckan
Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.9.9 CKAN versions prior to 2.10.1 Description: CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user, equivalent to www-data, owned co...