46 matches found
Centova Cast Security Vulnerability
Centova Cast is an internet-based broadcast streaming media management control panel provided by the Canadian company Centova. Version 3.2.11 of Centova Cast contains a security vulnerability. This vulnerability allows authenticated attackers to retrieve arbitrary system files through the...
CVE-2026-25539
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive...
EUVD-2026-5331
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive...
CVE-2026-25539
SiYuan has an Arbitrary File Write vulnerability via /api/file/copyFile. Prior to version 3.5.5, the dest parameter is not validated, allowing an authenticated user to copy a file to arbitrary locations (e.g., cron jobs, SSH authorized_keys, or shell config files) and achieve Remote Code Executio...
CVE-2026-25539 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive...
CVE-2026-25539
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive...
CVE-2026-25539 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive...
GHSA-C4JR-5Q7W-F6R9 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
Summary: The /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the copyFile function, which fails to validate the dest parameter. An attacker can write files to arbitrary locations on the filesystem by supplying crafted paths, potentially leading to execution of malicious co...
SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
Summary: The /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the copyFile function, which fails to validate the dest parameter. An attacker can write files to arbitrary locations on the filesystem by supplying crafted paths, potentially leading to execution of malicious co...
PT-2026-6318
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.5. Description: SiYuan is a personal knowledge management system. The /api/file/copyFile endpoint does not validate the dest parameter. This allows authenticated users to write files to arbitrary locations on the...
Linux Distros Unpatched Vulnerability : CVE-2020-14019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus...
May 9, 2023—KB5026368 (OS Build 22000.1936)
May 9, 2023—KB5026368 (OS Build 22000.1936). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note: Follow @WindowsUpdate to find out when...
SUSE CVE-2020-14019
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...
AZL-44778 CVE-2020-14019 affecting package python-rtslib 2.1.fb69-9
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...
DEBIAN-CVE-2020-14019
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...
PYSEC-2020-250
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus permissions are not preserved...
DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13788)
DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/copyfile.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server...
CVE-2019-11606
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information...