397 matches found
CVE-2024-53280
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in network center policy route functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files...
CVE-2024-53279
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in file station functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensiti...
CVE-2024-53281
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Network WOL functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct...
CVE-2024-43415
CVE-2024-43415 — A SQL injection in the decidim_awesome-module (papertrail/version-model) allows an authenticated admin to manipulate SQL queries in vulnerable versions (0.9.0–0.11.1). This can lead to information disclosure, filesystem read/write, or remote code execution. Root cause: improper n...
CVE-2024-43415 Decidim-Awesome: SQL injection in AdminAccountability
An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidim_awesome-module 0.9.0 allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands...
jj vulnerable to path traversal via crafted Git repositories
Impact: Specially crafted Git repositories can cause jj to write files outside the clone. Patches: Fixed in 0.23.0. Workarounds: Not much other than to not clone repositories from untrusted sources. References: Here's the original report from @joernchen: When cloning a crafted Git repository it is...
Apache ActiveMQ Artemis security vulnerability
Apache ActiveMQ Artemis is a high-performance open source messaging agent from the Apache USA Foundation. A security vulnerability exists in Apache ActiveMQ Artemis versions prior to 2.29.0, which stems from allowing access to diagnostic information and controls via MBean, which allows an attacke...
CentOS 7 : buildah (RHSA-2020:2116)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious containe...
CVE-2024-43387 Phoenix Contact: Access files due to improper neutralization of special elements in MGUARD devices
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAILRELAYPASSWORD in mGuard devices...
CVE-2024-7634
NGINX Agent's "configdirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory...
The vulnerability of the Git-based software platform for collaborative code development on GitLab relates to an error in token processing by LFS. This error allows attackers to gain unauthorized access to protected information and write arbitrary files.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an error in token processing for LFS operations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information and...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A security vulnerability previously existed in SAMSUNG Mobile devices version 6.27.0.113, which stemmed from an improper input validation issue in...
PT-2024-26870 · Kalkitech · Kalkitech Ase Ase61850 Iedsmart
Name of the Vulnerable Software and Affected Versions: Kalkitech ASE ASE61850 IEDSmart versions 2.3.5 and earlier Description: The issue allows attackers to read and write arbitrary files via the IEC61850 File Transfer protocol. This is a result of a Directory Traversal vulnerability...
New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...
SUSE CVE-2019-11246
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is...
The vulnerability of Telit Cinterion modem’s microprogramming software, related to bypassing the relative path, allows an intruder to gain access to read and write any arbitrary files on the system.
The vulnerability of Telit Cinterion modem’s microprogramming software relates to the exploitation of a relative path. Exploiting this vulnerability can allow an attacker to gain access to read and write arbitrary system files...
CVE-2024-20326
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...
CVE-2023-50197
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the...
CVE-2024-3746
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow users, including unprivileged users, to write or overwrite files...
CVE-2023-46808
A file upload vulnerability in Ivanti ITSM before 2023.4 allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of a non-root user...