Lucene search
K

194 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:43 p.m.9 views

CVE-2022-36990

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...

9.6CVSS6.7AI score0.0058EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/02/04 12:0 a.m.7 views

The vulnerabilities of the unzip() and untar() functions in the Deep Java Library (DJL) allow a hacker to write arbitrary files.

The vulnerability of the unzip and untar functions in the Deep Java Library DJL is related to improper external handling of file names or paths. Exploiting this vulnerability allows a malicious actor to write any files they desire remotely...

10CVSS8AI score0.23267EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/01 12:0 a.m.7 views

The vulnerability of the GetConfPath() function in the Nginx UI server’s user interface allows a hacker to write arbitrary files.

The vulnerability of the GetConfPath function in the Nginx UI server’s user interface is related to the improper handling of JSON fields, resulting in incorrect values being retrieved without proper validation. This issue arises due to a faulty restriction on the path to the restricted directory...

7.8CVSS5.6AI score0.00579EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.4 views

PT-2024-7511 · Nginx · Nginx-Ui

Name of the Vulnerable Software and Affected Versions: Nginx UI versions 2.0.0-beta.35 and earlier Description: The issue is related to the Nginx UI's handling of JSON fields without proper verification, allowing an attacker to construct a value in the form of ../../ and write arbitrary files to...

8.7CVSS7.4AI score0.00579EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.7 views

PT-2024-6180 · Nginx · Nginx Agent

Name of the Vulnerable Software and Affected Versions: NGINX Agent affected versions not specified Description: The issue is related to the config dirs function of the NGINX Agent and NGINX Instance Manager platform, which allows an attacker to upload arbitrary files outside the intended director...

6.9CVSS6.8AI score0.00471EPSS
Exploits0References7
Malwarebytes
Malwarebytes
added 2024/03/21 9:22 p.m.67 views

Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now

Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2...

8AI score0.12844EPSS
Exploits0
CISA
CISA
added 2024/03/21 12:0 p.m.16 views

Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry

Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories a...

9.9CVSS7.7AI score0.12844EPSS
Exploits0References2
Ivanti
Ivanti
added 2024/03/20 2:26 a.m.12 views

SA: CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for ITSM

Last Modified Date Apr 4, 2024 4:10:39 PM...

9.9CVSS7.3AI score0.02001EPSS
Exploits0
OSV
OSV
added 2024/03/06 10:56 a.m.11 views

BIT-MLFLOW-2023-6976 Unrestricted Upload of File with Dangerous Type

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...

8.8CVSS8.6AI score0.01008EPSS
Exploits1References3
OSV
OSV
added 2024/02/26 4:27 p.m.3 views

CVE-2023-49960

In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...

7.5CVSS5.9AI score0.00664EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/26 12:0 a.m.5 views

PT-2024-13842 · Indo Sol · Indo-Sol Profinet-Inspektor Nt

Name of the Vulnerable Software and Affected Versions: Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier Description: A path traversal issue in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the...

7.5CVSS7.6AI score0.00664EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/10/31 2:40 a.m.5 views

SUSE CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

6.5CVSS7.1AI score0.01101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.4 views

PT-2023-9825

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.1 Description Gogs, an open-source self-hosted Git service, has an issue that allows a malicious user to write a file to an arbitrary path on the server, potentially gaining SSH access. The vulnerability resides in...

9.9CVSS8.2AI score0.75197EPSS
Exploits5References50
OSV
OSV
added 2023/09/28 10:10 p.m.31 views

CVE-2023-43654 TorchServe Server-Side Request Forgery

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

10CVSS9.1AI score0.35256EPSS
Exploits6References6
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.4 views

PT-2023-4886 · Siemens · Ruggedcom Crossbow

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.4 Description: A vulnerability has been identified that allows unauthenticated remote attackers to write arbitrary files to the affected application's file system due to the lack of authentication for a...

7.8CVSS7.7AI score0.00431EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/07/29 4:27 a.m.69 views

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile EPMM, formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 CVSS score: 7.8, impacts support...

9.5AI score0.99999EPSS
Exploits14
OSV
OSV
added 2023/02/27 8:15 p.m.4 views

CVE-2022-46723

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files...

9.8CVSS5.9AI score0.00928EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:38 a.m.4 views

SUSE CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

7.5CVSS7.2AI score0.12768EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.5 views

SUSE CVE-2015-4152

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option...

6.4CVSS6.8AI score0.0303EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:2 a.m.3 views

SUSE CVE-2016-4971

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource...

8.8CVSS7.3AI score0.45935EPSS
Exploits8References6
Rows per page
Query Builder