USN-6981-1: Drupal vulnerabilities
It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-13671) It was discovered that Drupal incorrectly sanitized archived filenames. A remote attacker could possibly use this issue to overwrite...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Monterey versions prior to 12.7.6, which stems from an application that may be able to overwrite arbitrary files...
PT-2024-4846 · Cisco · Cisco Secure Email Gateway
Name of the Vulnerable Software and Affected Versions: Cisco Secure Email Gateway affected versions not specified Description: A vulnerability in the content scanning and message filtering features could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying...
CVE-2024-3497
The CVE-2024-3497 entry refers to a directory traversal vulnerability in the web server of Toshiba e-STUDIO printers. The issue allows a network-adjacent attacker to overwrite or add files via path traversal in the unzip operation, with ZDI noting possible remote code execution and no authenticat...
CVE-2024-3497 Directory Traversal Remote Code Execution Vulnerability
A path traversal vulnerability in the web server of the Toshiba printer enables an attacker to overwrite original files or add new ones to the printer. As for the affected products/models/versions, see the reference URL...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from a directory traversal vulnerability that could overwrite or place new files on the multifunction device if the multifunction device...
PT-2024-21676 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue allows an attacker to remotely compromise Toshiba printers by exploiting the admin web interface's file upload functionality. This can lead to the overwrite of insecure...
Siemens RUGGEDCOM CROSSBOW Path Traversal Vulnerability
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. A path traversal vulnerability exists in Siemens RUGGEDCOM CROSSBOW, which can be exploited by an attacker to overwrite arbitrary files...
PT-2024-3686 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5 Description: A vulnerability has been identified that allows an attacker with the required privileges to overwrite arbitrary files in the system by downloading files with the same name as existing fil...
RHEL 6 : krb5-appl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - krb5-appl: Improper validation of object names allows malicious server to overwrite files via rcp client...
CVE-2024-28072
A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly...
PT-2024-25658 · Delta Electronics · Diaenergie
Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie affected versions not specified Description: The issue is related to insufficient input validation, which allows for a path traversal attack. This enables writing outside of the intended directory. If a file name...
squashfs-tools: possible Directory Traversal via symbolic link
A directory traversal flaw was found in squashfs-tools. During extraction, a file can escape the destination directory by using a symbolic link, and a regular file with an identical name. This flaw allows a specially crafted squashfs archive to install or overwrite files outside of the destinatio...
GOG Galaxy Security Vulnerability
GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A security vulnerability exists in GOG Galaxy versions 2.0.67.2 through 2.0.71.2, which originates from a vulnerability that allows an authenticated user to overwrite and...
Fedora 40 : python3.6 (2024-46374d2703)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-46374d2703 advisory. Security fix for CVE-2007-4559. ---- Fix tests for XMLPullParser with Expat 2.6.0 Tenable has extracted the preceding description block directly fro...
CVE-2024-32258
The network server of fceux 2.7.0 has a path traversal vulnerability, allowing attackers to overwrite any files on the server without authentication by fake ROM...
Qdrant Code Issue Vulnerability
Qdrant is a vector similarity search engine and vector database. A code issue vulnerability exists in Qdrant. An attacker exploiting this vulnerability could upload and overwrite any file on the file system...
CVE-2024-0406
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privilege...
CVE-2024-0406 Mholt/archiver: path traversal vulnerability
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privilege...
CVE-2024-25567
A path traversal attack is possible, allowing writes outside of the intended directory and possible access to sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten...