CVE-2022-38638

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...

EUVD-2018-4029

Malware in sbrugna...

EUVD-2025-4486

Malicious code in bioql PyPI...

EUVD-2022-43406

Malicious code in bioql PyPI...

EUVD-2023-0354

Malicious code in bioql PyPI...

CVE-2022-28964

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 build 21.11.6809.528 allows attackers to cause a Denial of Service DoS via a crafted DLL file...

CVE-2020-25289

The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory which has weak permissions...

CVE-2020-5825

Symantec Endpoint Protection SEP and Symantec Endpoint Protection Small Business Edition SEP SBE, prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing...

CVE-2025-25761

HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php...

CVE-2025-25765

MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...

CVE-2025-0573

CVE-2025-0573 concerns the Sante PACS Server, where the vulnerability lies in the DCM file parsing that fails to validate a user-supplied path before file operations. This directory traversal can allow an unauthenticated, remote attacker to write arbitrary files on the server, running with the cu...

[SECURITY] [DLA 3884-1] cacti security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3884-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 09, 2024 https://wiki.debian.org/LTS -...

Microsoft Exchange ProxyLogon Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Scanner', 'Description' = %q This module scan for a vulnerability on Microsoft Exchange Serve...

RHEL 7 : CloudForms 4.6.5 (RHSA-2018:3466)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3466 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...

Rocky Linux 9 : gzip (RLSA-2022:4582)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4582 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted fi...

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

CVE-2023-3252

CVE-2023-3252 affects Tenable Nessus prior to 10.5.5, where an authenticated, remote attacker with administrator privileges could modify logging variables to write arbitrary files on the remote host, causing a denial of service. The vulnerability is addressed in Nessus 10.5.5 (per TNS-2023-31). R...

SUSE-RU-2023:3370-1 Recommended update for rsync

This update for rsync fixes the following issues: - Update to version 3.2.3 jscSLE-21252, jscPED-3146 - Add support for using --atimes to preserve atime of files in destination sync jscPED-3145 - Remove SuSEfirewall2 service as this was replaced by firewalld which already provides a rsyncd servic...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Code Dx Plugin CVE-2023-2195,...

Security update for stellarium (important)

openSUSE Security Update: Security update for stellarium Announcement ID: openSUSE-SU-2023:0097-1 Rating: important References: 1209285 Cross-References: CVE-2023-28371 CVSS scores: CVE-2023-28371 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...