1452 matches found

CNNVD · added 2024/12/12 12:0 a.m. · 3 views

Apple macOS security vulnerability

Apple macOS is a set of specialized operating systems developed for Mac computers by the American company Apple. A security vulnerability exists in Apple macOS Sequoia versions prior to 15.2. An attacker exploiting the vulnerability can overwrite arbitrary files...

CVSS 7.1 · AI score 7.2 · EPSS 0.00082
Exploits 0 · References 4

Positive Technologies · added 2024/12/11 12:0 a.m. · 2 views

PT-2024-36381 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.2, macOS versions prior to 14.7.2, macOS versions prior to 15.2. Description: A logic issue was addressed with improved restrictions. This issue allows an app to potentially overwrite arbitrary files. Recommendations...

CVSS 7.1 · AI score 6.3 · EPSS 0.00082
Exploits 0 · References 9

Positive Technologies · added 2024/11/25 12:0 a.m. · 2 views

PT-2024-41081 · Spring · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework; affected versions not specified. Description: The issue is related to the org.springframework.web.multipart package of the Spring Web module in the Spring Framework, which is associated with incorrect restriction of the path...

CVSS 7.8 · AI score 7
Exploits 0 · References 2

OSV · added 2024/11/22 8:15 p.m. · 2 views

CVE-2024-6233

Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged...

CVSS 7.8 · AI score 6.2
Exploits 0 · References 1

OSV · added 2024/11/22 4:15 p.m. · 1 views

CVE-2024-48862

A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the followin...

CVSS 9.8 · AI score 5.8 · EPSS 0.01553
Exploits 0 · References 1

OSV · added 2024/11/18 4:15 p.m. · 0 views

CVE-2020-3538

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploi...

CVSS 8.1 · AI score 5.9 · EPSS 0.0015
Exploits 0 · References 3

NVD · added 2024/11/18 10:15 a.m. · 6 views

CVE-2024-41972

A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges...

CVSS 6.5 · EPSS 0.00348
Exploits 0 · References 1

OSV · added 2024/11/15 4:15 p.m. · 2 views

CVE-2023-20093

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An...

CVSS 4.4 · AI score 6 · EPSS 0.00095
Exploits 0 · References 1

OSV · added 2024/11/15 4:15 p.m. · 0 views

CVE-2023-20091

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. An attacker...

CVSS 5.1 · AI score 5.9
Exploits 0 · References 1

NVD · added 2024/11/15 4:15 p.m. · 8 views

CVE-2023-20091

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. An attacker...

CVSS 5.1 · EPSS 0.0008
Exploits 0 · References 1

NVD · added 2024/11/15 4:15 p.m. · 7 views

CVE-2023-20004

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An...

CVSS 4.4 · EPSS 0.00178
Exploits 0 · References 1

CNNVD · added 2024/11/15 12:0 a.m. · 1 views

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software security vulnerability

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of Cisco Corporation. Cisco RoomOS Software is a set of automated management software for Cisco devices. The software is mainly used for upgrading and managing the motherboard firmware of Cisco...

CVSS 4.4 · AI score 6.2 · EPSS 0.00073
Exploits 0 · References 1

OSV · added 2024/10/29 1:15 p.m. · 0 views

PYSEC-2024-111

A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...

CVSS 9.1 · AI score 5.9
Exploits 0 · References 2

NVD · added 2024/09/19 7:15 p.m. · 13 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

CVSS 9.9 · EPSS 0.00261
Exploits 0 · References 2

Cvelist · added 2024/09/19 12:0 a.m. · 13 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

CVSS 9.9 · EPSS 0.00261
Exploits 0 · References 2

Tenable Nessus · added 2024/09/10 12:0 a.m. · 33 views

NewStart CGSL MAIN 6.02 : curl Multiple Vulnerabilities (NS-SA-2024-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has curl packages installed that are affected by multiple vulnerabilities: - The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow...

CVSS 9.8 · AI score 8.4 · EPSS 0.67994
Exploits 13 · References 119

CVE · added 2024/09/07 4:11 p.m. · 48 views

CVE-2024-38651

CVE-2024-38651 affects Veeam Service Provider Console (VSPC); a low-privileged user can overwrite files on the VSPC server, enabling remote code execution. The vulnerability is listed under VSPC issue details and is addressed in VSPC 8.1 (build 8.1.0.21377). Exploit status is not detailed in the ...

CVSS 8.5 · AI score 8 · EPSS 0.03199
Exploits 0 · References 1

CNNVD · added 2024/09/07 12:0 a.m. · 2 views

Veeam Service Provider Console security vulnerability

Veeam Service Provider Console is a cloud-enabled platform from Veeam USA. A security vulnerability exists in Veeam Service Provider Console version 8.0.0.19552 and earlier 8 versions: a code injection vulnerability that allows a low-privileged user to overwrite files o...

CVSS 8.5 · AI score 8.8 · EPSS 0.03199
Exploits 0 · References 2

Vulnrichment · added 2024/09/05 5:9 p.m. · 20 views

CVE-2024-45401 stripe-cli Path Traversal vulnerability

stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...

CVSS 7.5 · AI score 7 · EPSS 0.00116
Exploits 0 · References 1

Positive Technologies · added 2024/09/04 12:0 a.m. · 2 views

PT-2024-6331 · Veeam · Veeam Service Provider Console

Name of the Vulnerable Software and Affected Versions: Veeam Service Provider Console (VSPC); affected versions not specified. Description: A code injection vulnerability can allow a low-privileged user to overwrite files on the VSPC server, which can lead to remote code execution on the VSPC server...

CVSS 8.5 · AI score 9.9 · EPSS 0.03199
Exploits 0 · References 15