68 matches found
pip 安全漏洞
pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which arises from the use of a specially crafted entry point name during the installation of malicious Python wheels. This can lead to arbitrary file overwriting...
WordPress plugin Perfmatters 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Directus 安全漏洞
Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.16.1 contained a security vulnerability. This vulnerability stemmed from the TUS recoverable upload endpoint, which only performed...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the readDir API endpoint. An attacker can access and enumerate arbitrary directories and retrieve file names by sending crafted requests to the endpoint. Details A Directory Traversal attack also known as path...
BusyBox 安全漏洞
BusyBox is a set of applications developed by Denis Vlasenko from Ukraine. It contains multiple Linux commands and tools. BusyBox has a security vulnerability, which stems from an incomplete cleanup of the archive extraction tool’s path. This could lead to arbitrary file overwriting when extracti...
EUVD-2025-18258
Malicious code in bioql PyPI...
EUVD-2021-8459
Malicious code in bioql PyPI...
OpenAI Codex CLI 安全漏洞
OpenAI Codex CLI is an OpenAI open source lightweight coding agent software that runs in the terminal. A security vulnerability exists in OpenAI Codex CLI that stems from the fact that use of Codex CLI in a malicious context could lead to arbitrary file overwriting and potential remote code...
CVE-2025-36506
External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data...
CVE-2021-25833
A file extension handling issue was found in server module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code executi...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2009-2169
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control pdfviewer.ocx in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the...
PT-2025-16933 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to and including 1.2.9.1 Description: The WP Editor plugin for WordPress is susceptible to arbitrary file update due to a missing file path validation. This allows authenticated attackers with...
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write
Summary In the archive extraction routine of affected versions of the zip crate, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in th...
Trend Micro VPN 安全漏洞
Trend Micro VPN is a best-of-breed virtual private network service from Trend Micro. A security vulnerability exists in Trend Micro VPN version 5.8.1012 and prior versions, which stems from a vulnerability to arbitrary file overwriting under certain conditions, resulting in elevated privileges...
About the security content of macOS Ventura 13.6.8
About the security content of macOS Ventura 13.6.8 This document describes the security content of macOS Ventura 13.6.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
CVE-2024-25975
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is...
CVE-2023-28458
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...
nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite
A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on...
NPM arborist 后置链接漏洞
NPM arborist is a software package from the American company npm NPM. It is used to visualize hierarchical data stored as flat lists. A backlink vulnerability exists in arborist that allows an attacker to perform arbitrary file creation, arbitrary file overwriting, and arbitrary code execution...