194 matches found
CVE-2022-36990
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...
The vulnerabilities of the unzip() and untar() functions in the Deep Java Library (DJL) allow a hacker to write arbitrary files.
The vulnerability of the unzip and untar functions in the Deep Java Library DJL is related to improper external handling of file names or paths. Exploiting this vulnerability allows a malicious actor to write any files they desire remotely...
The vulnerability of the GetConfPath() function in the Nginx UI server’s user interface allows a hacker to write arbitrary files.
The vulnerability of the GetConfPath function in the Nginx UI server’s user interface is related to the improper handling of JSON fields, resulting in incorrect values being retrieved without proper validation. This issue arises due to a faulty restriction on the path to the restricted directory...
PT-2024-7511 · Nginx · Nginx-Ui
Name of the Vulnerable Software and Affected Versions: Nginx UI versions 2.0.0-beta.35 and earlier Description: The issue is related to the Nginx UI's handling of JSON fields without proper verification, allowing an attacker to construct a value in the form of ../../ and write arbitrary files to...
PT-2024-6180 · Nginx · Nginx Agent
Name of the Vulnerable Software and Affected Versions: NGINX Agent affected versions not specified Description: The issue is related to the config dirs function of the NGINX Agent and NGINX Instance Manager platform, which allows an attacker to upload arbitrary files outside the intended director...
Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now
Ivanti has issued patches for two vulnerabilities. One was discovered in the Ivanti Standalone Sentry, which impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. The other vulnerability impacts all supported versions of Ivanti Neurons for ITSM—2023.3, 2023.2...
Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry
Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories a...
SA: CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for ITSM
Last Modified Date Apr 4, 2024 4:10:39 PM...
BIT-MLFLOW-2023-6976 Unrestricted Upload of File with Dangerous Type
This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...
CVE-2023-49960
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint...
PT-2024-13842 · Indo Sol · Indo-Sol Profinet-Inspektor Nt
Name of the Vulnerable Software and Affected Versions: Indo-Sol PROFINET-INspektor NT versions 2.4.0 and earlier Description: A path traversal issue in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the...
SUSE CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
PT-2023-9825
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.1 Description Gogs, an open-source self-hosted Git service, has an issue that allows a malicious user to write a file to an arbitrary path on the server, potentially gaining SSH access. The vulnerability resides in...
CVE-2023-43654 TorchServe Server-Side Request Forgery
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...
PT-2023-4886 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.4 Description: A vulnerability has been identified that allows unauthenticated remote attackers to write arbitrary files to the affected application's file system due to the lack of authentication for a...
Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile EPMM, formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 CVSS score: 7.8, impacts support...
CVE-2022-46723
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files...
SUSE CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
SUSE CVE-2015-4152
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option...
SUSE CVE-2016-4971
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource...