GHSA-9P5F-5X8V-X65M Directory traversal + file write causing arbitrary code execution

Impact Frederic Linn @FredericLinn has reported a series of vulnerabilities that can result in directory traversal, file write, and potential remote code execution on Jellyfin instances. The general process involves chaining several exploits including a stored XSS vulnerability and can be used by...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization in ClientLogController, when the GetRequestInformation method retrieves the name and version of the client from the HttpContext.User object. Details A Directory Traversal attack als...

Directory traversal

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

Arbitrary File Write

MindsDB is vulnerable to Arbitrary File Write. The vulnerability exists due to an unsafe extraction process in file.py which does not ensure relative file paths are escaped allowing an attacker to write arbitrary files outside the expected directory...

PT-2023-22824 · Jellyfin · Jellyfin-Web

Name of the Vulnerable Software and Affected Versions: jellyfin-web versions 10.1.0 through 10.8.10 Description: A stored cross-site scripting issue in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. This can result in remote code execution on the Jellyf...

jellyfin -- Multiple vulnerabilities

[email protected] reports: Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting...

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS could allow an attacker to elevate privileges, overwrite arbitrary files, or view sensitive data on an affected device. For more information about these vulnerabilities, see the Details "details" section of...

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

CVE-2022-43293

CVE-2022-43293 concerns Wacom Driver 6.3.46-1 for Windows, which contains an arbitrary file write vulnerability via the Wacom_Tablet.exe component. The affected software is the Windows driver; the underlying issue is an arbitrary file write capability, enabling potential manipulation of files by ...

PT-2023-14188 · Wacom · Wacom Driver

Name of the Vulnerable Software and Affected Versions: Wacom Driver version 6.3.46-1 Description: The Wacom Driver for Windows contains an arbitrary file write issue via the Wacom Tablet.exe component. This allows for potential malicious activity. Recommendations: For Wacom Driver version 6.3.46-...

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

Siemens SCALANCE M875 Arbitrary File Read and Write (CVE-2018-4861)

A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to...

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\WacomTablet.exe...

WordPress plugin Hummingbird 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...