CVE-2024-52292 Craft Allows Attackers to Read Arbitrary System Files
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...
TIBCO Security Advisory: November 12, 2024 - TIBCO Hawk & Operational Intelligence - CVE-2024-10218
TIBCO Hawk Stored-XEE Vulnerability. Original release date: November 12, 2024. Last revised: ---. CVE-2024-10218. Source: TIBCO Software Inc. Products Affected: TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, and 6.3.0; TIBCO Operational Intelligence Hawk versions 7.2.0, 7.2.1, and 7.2.2. Compone...
Siemens SINEC NMS Security Vulnerability
SINEC NMS is a new generation network management system for digital enterprises. The system enables centralized monitoring, management and configuration of the network. A privilege assignment error vulnerability exists in Siemens SINEC NMS, which can be exploited by an attacker to write arbitrary...
CVE-2024-11067
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through...
CVE-2024-11067
The CVE-2024-11067 entry concerns the D-Link DSL6740C modem/router. Affected component: path traversal vulnerability in the device’s resource/file handling that allows unauthenticated remote attackers to read arbitrary system files. Underlying cause: improper filtering of path elements leading to...
VulnCheck KEV: CVE-2024-44258
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...
GHSA-CWGG-57XJ-G77R changedetection.io Path Traversal
Summary: When a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Details: The root cause is the payload source:file:///etc/passwd passes the regex here and also passes the check here wher...
CVE-2024-10651
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files...
PT-2024-16430 · Changing Information Technology · Idexpert
Name of the Vulnerable Software and Affected Versions: IDExpert from CHANGING Information Technology affected versions not specified Description: The issue is related to the improper validation of a specific parameter in the administrator interface of IDExpert, allowing remote attackers with...
CVE-2024-5823
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...
CVE-2024-44260
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious app with root privileges may be able to modify the contents of system files...
CVE-2024-44260
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app with root privileges may be able to modify the contents of system files...
CVE-2024-44258
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2024-44258
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2024-44252
A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2024-44260
CVE-2024-44260 affects macOS systems where a malicious app with root privileges could modify system files due to vulnerable code that has been removed. The vulnerability is addressed in macOS Ventura 13.7.1 and macOS Sonoma 14.7.1, per the CVE description. Multiple security feeds (Red Hat, Nessus...
CVE-2024-44294
CVE-2024-44294 describes a path deletion vulnerability in macOS that could allow an attacker with root privileges to delete protected system files. The issue is mitigated by code changes that prevent vulnerable operations from running with elevated privileges. Apple fixed this in macOS Ventura 13...