7267 matches found
CVE-2023-31476
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path are no more than 6 characters; the working directory is /www...
CVE-2023-31476
GL.iNet devices with firmware older than 3.216 are affected by an arbitrary file write vulnerability that lets an empty file be created almost anywhere in the filesystem, as long as the filename and path are ≤ 6 characters and the working directory is /www. Impact details from CVE indicate potent...
CVE-2023-31472
GL.iNet devices prior to 3.216 are affected by a command-injection–driven arbitrary file-write vulnerability that allows creating empty files anywhere on the filesystem. Root cause: an input filter failure enables unintended file writes via a crafted command. Impact: potential unauthorized file c...
ManageEngine ADAudit Plus Authenticated File Write RCE
This module exploits security issues in ManageEngine ADAudit Plus prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided credentials, retrie...
WORKS MOBILE Drive Explorer for macOS Code Injection Vulnerability
WORKS MOBILE Drive Explorer for macOS is a drive explorer for macOS from WORKS MOBILE Japan. A security vulnerability exists in WORKS MOBILE Drive Explorer for macOS, which stems from the fact that execution of LINE WORKS Drive Explorer requires full disk access privileges, allowing an attacker t...
EulerOS Virtualization 3.0.2.0 : xz (EulerOS-SA-2023-1739)
According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name...
EulerOS Virtualization 3.0.2.0 : gzip (EulerOS-SA-2023-1716)
According to the versions of the gzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file nam...
CVE-2023-21505
Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox...
SAMSUNG Mobile devices Security Vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones and tablets, from the South Korean company Samsung. A security vulnerability previously existed in SAMSUNG Mobile devices version 2.1.00.36, which originated from allowing arbitrary files to be written i...
CVE-2023-21491
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege...
openSUSE 15 Security Update : stellarium (openSUSE-SU-2023:0097-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0097-1 advisory. - In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
OPENSUSE-SU-2023:0097-1 Security update for stellarium
This update for stellarium fixes the following issues: - CVE-2023-28371: Fixed arbitrary file write issue. boo1209285...
Security update for stellarium (important)
openSUSE Security Update: Security update for stellarium Announcement ID: openSUSE-SU-2023:0097-1 Rating: important References: 1209285 Cross-References: CVE-2023-28371 CVSS scores: CVE-2023-28371 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...
CVE-2023-2273
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...
Rapid7 Insight Agent Path Traversal Vulnerability
Rapid7 Insight Agent is a lightweight software from Rapid7 USA. The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent version 3.2.6 and earlier versions. An attacker exploiting this vulnerability can write to arbitrary files...
CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...
CVE-2021-23166
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server...