1452 matches found

Tenable Nessus
added 2023/09/07 12:0 a.m. · 52 views

Oracle Linux 8 : openssh (ELSA-2019-3702)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3702 advisory. 8.0p1-3 + 0.10.3-7 - Fix typos in manual pages 1668325 - Use the upstream support for PKCS8 PEM files alongside with the legacy PEM files 1712436 -...

CVSS 6.8 · AI score 7.4 · EPSS 0.54213
Exploits: 9 · References: 4

OSV
added 2023/08/29 7:15 p.m. · 2 views

CVE-2023-3252

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition...

CVSS 6.5 · AI score 5.9 · EPSS 0.00257
Exploits: 0 · References: 1

OSV
added 2023/08/23 7:15 p.m. · 3 views

CVE-2023-20115

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is d...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

Cvelist
added 2023/08/16 9:43 p.m. · 9 views

CVE-2023-20229

A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient...

CVSS 7.1 · AI score 7.1 · EPSS 0.00093
Exploits: 0 · References: 1

CNNVD
added 2023/08/16 12:0 a.m. · 1 views

Cisco Duo Path Traversal Vulnerability

Cisco Duo is a fully managed solution from Cisco, Inc. It provides secure access to your applications and data. A security vulnerability exists in the Cisco Duo Device Health Application that stems from insufficient validation of input and could allow an authenticated, low-privileged local attack...

CVSS 7.1 · AI score 7.2 · EPSS 0.00093
Exploits: 0 · References: 3

OSV
added 2023/08/15 7:15 p.m. · 2 views

CVE-2023-38402

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows...

CVSS 7.1 · AI score 7.1
Exploits: 0 · References: 1

CNNVD
added 2023/08/04 12:0 a.m. · 3 views

NoMachine Backlink Vulnerability

NoMachine is a remote desktop access tool from the Luxembourg company NoMachine. A security vulnerability exists in NoMachine that can be exploited to overwrite files that require root privileges to modify by using a hard link...

CVSS 9.1 · AI score 6.8 · EPSS 0.00358
Exploits: 1 · References: 4

NVD
added 2023/08/02 11:15 p.m. · 10 views

CVE-2023-3329

SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting syste...

CVSS 6.5 · AI score 6.4 · EPSS 0.00074
Exploits: 0 · References: 1

Prion
added 2023/08/02 11:15 p.m. · 18 views

Path traversal

SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting syste...

CVSS 4.7 · AI score 6.4 · EPSS 0.00074
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2023/07/11 1:40 a.m. · 25 views

Remote Code Execution (RCE)

Orthanc is vulnerable to Remote Code Execution (RCE). The vulnerability allows users with authenticated access to overwrite arbitrary files, allowing malicious attackers to overwrite the configurations, resulting in RCE...

CVSS 8.8 · AI score 7.4 · EPSS 0.57748
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/06/30 9:15 p.m. · 1 views

DEBIAN-CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

CVSS 8.1 · AI score 7.6 · EPSS 0.00127
Exploits: 0 · References: 1

NVD
added 2023/06/29 3:15 p.m. · 15 views

CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

CVSS 8.8 · AI score 8.8 · EPSS 0.57748
Exploits: 0 · References: 3

ATTACKERKB
added 2023/06/29 3:15 p.m. · 1 views

CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

CVSS 8.8 · AI score 5.9 · EPSS 0.57748
Exploits: 0 · References: 4

OSV
added 2023/06/29 3:15 p.m. · 2 views

DEBIAN-CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

CVSS 8.8 · AI score 8.4 · EPSS 0.57748
Exploits: 0 · References: 1

Cvelist
added 2023/06/29 12:0 a.m. · 21 views

CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

AI score 9 · EPSS 0.57748
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/29 12:0 a.m. · 1 views

PT-2023-24348

Name of the Vulnerable Software and Affected Versions: Orthanc versions prior to 1.12.0 Description: The issue allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system. In specific deployment scenarios, this can be exploited to overwrite the...

CVSS 8.8 · AI score 7.4 · EPSS 0.57748
Exploits: 0 · References: 29

Vulnrichment
added 2023/06/29 12:0 a.m. · 10 views

CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

AI score 7.2 · EPSS 0.57748
Exploits: 0 · References: 3

ATTACKERKB
added 2023/06/01 9:15 p.m. · 1 views

CVE-2023-29736

Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution...

CVSS 9.8 · AI score 7.4 · EPSS 0.00515
Exploits: 1 · References: 2

Positive Technologies
added 2023/06/01 12:0 a.m. · 4 views

PT-2023-2962 · Advantech · Advantech Webaccess/Scada

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA versions 9.1.3 and prior Description: The issue is related to incorrect code generation management in the Advantech WebAccess software, which could allow an attacker to overwrite any file in the operating system,...

CVSS 9.8 · AI score 9.4 · EPSS 0.00268
Exploits: 0 · References: 7

CNNVD
added 2023/05/09 12:0 a.m. · 3 views

Siemens SIMATIC Cloud Connect Path Traversal Vulnerability

SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with OPC UA server interfaces to be connected as OPC UA clients. A path traversal vulnerability exists in Siemens SIMATIC Cloud Connect 7, which can be exploited by a...

CVSS 7.6 · AI score 6.8 · EPSS 0.00456
Exploits: 0 · References: 3