
24 matches found

OSV
added 2026/04/06 11:9 p.m. · 2 views

GHSA-JFXC-V5G9-38XR PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator

The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the target path, malicious actions can overwrite sensitive...

CVSS 9 · AI score 6.2 · EPSS 0.00076
Exploits 1 · References 4

Positive Technologies
added 2026/04/06 12:0 a.m. · 1 views

PT-2026-30764

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI, a multi-agent teams system, contains a Path Traversal vulnerability in the Action Orchestrator feature. An attacker, or a compromised agent, can write to arbitrary files outside of the...

CVSS 9 · AI score 6.2 · EPSS 0.00076
Exploits 1 · References 10

RedhatCVE
added 2025/05/23 8:43 a.m. · 9 views

CVE-2024-23772

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges...

CVSS 6.6 · AI score 6.7 · EPSS 0.00173
Exploits 0 · References 1

NVD
added 2024/04/30 2:15 p.m. · 9 views

CVE-2024-23772

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges...

CVSS 6.6 · AI score 6.4 · EPSS 0.00173
Exploits 0 · References 2

Cvelist
added 2024/04/30 12:0 a.m. · 17 views

CVE-2024-23772

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges...

AI score 6.6 · EPSS 0.00173
Exploits 0 · References 2

CVE
added 2024/04/30 12:0 a.m. · 49 views

CVE-2024-23772

CVE-2024-23774 : Quest KACE Agent for Windows versions 12.0.38 and 13.1.23.0 have an unquoted Windows search path vulnerability in KSchedulerSvc.exe and AMPTools.exe. This local attack could allow code execution with NT Authority\SYSTEM privileges. The available connected Red Hat advisories confi...

CVSS 6.6 · AI score 6.6 · EPSS 0.00173
Exploits 0 · References 2

Vulnrichment
added 2024/04/30 12:0 a.m. · 15 views

CVE-2024-23772

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges...

AI score 7 · EPSS 0.00173
Exploits 0 · References 2

RedHat Linux
added 2023/05/17 1:58 p.m. · 4 views

RESTEasy: creation of insecure temp files

In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...

CVSS 5.5 · AI score 5.8 · EPSS 0.0005
Exploits 0 · References 4

Cvelist
added 2023/02/24 12:0 a.m. · 11 views

CVE-2023-0481

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user...

AI score 4.1 · EPSS 0.00055
Exploits 0 · References 1

Positive Technologies
added 2023/01/12 12:0 a.m. · 2 views

PT-2023-12769 · Com.Fasterxml · Java-Merge-Sort

Name of the Vulnerable Software and Affected Versions: com.fasterxml.util:java-merge-sort versions prior to 1.1.0 Description: The issue is related to an Insecure Temporary File in the StdTempFileProvider function, located in StdTempFileProvider.java. This function utilizes the permissive...

CVSS 5.5 · AI score 7.1 · EPSS 0.00068
Exploits 0 · References 9

ATTACKERKB
added 2022/10/01 12:15 a.m. · 2 views

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

CVSS 9.1 · AI score 7.3 · EPSS 0.00361
Exploits 1 · References 3

CNNVD
added 2021/03/11 12:0 a.m. · 3 views

GNOME Glib link following vulnerability

GNOME Glib is a multi-platform toolkit for creating graphical user interfaces and is the underlying core library for GTK+ and GNOME projects. A security vulnerability exists in GNOME GLib before 2.66.8, which stems from the fact that g_file_replace and G_FILE_CREATE_REPLACE_DESTINATION incorrectly also...

CVSS 5.3 · AI score 6.8 · EPSS 0.00728
Exploits 1 · References 40

IBM Security Bulletins
added 2020/07/24 10:19 p.m. · 24 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX default file create permissions could expose sensitive information to a local user (CVE-2016-0380).

Summary By default, when it receives a new data file, IBM Sterling Connect:Direct for UNIX creates the file with permissions 664. These permissions, which give all local users read access to the file, may not be appropriate when Connect:Direct is used to receive sensitive information...

CVSS 3.3 · AI score 0.7 · EPSS 0.00041
Exploits 0 · Affected Software 1

CVE
added 2019/08/05 12:55 p.m. · 39 views

CVE-2016-10771

CVE-2016-10771 affects cPanel before 60.0.25, allowing file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). The issue resides in the ModSecurity audit logfile processing path, enabling unauthorized changes to filesystem state. Multiple connected sources cor...

CVSS 8.1 · AI score 8 · EPSS 0.00357
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2014/07/23 12:0 a.m. · 2 views

PT-2014-6308 · Hewlett Packard · Hp Data Protector

Name of the Vulnerable Software and Affected Versions: HP Data Protector affected versions not specified Description: The issue allows remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. The vendor reportedly assert...

CVSS 6.4 · AI score 7.2 · EPSS 0.24715
Exploits 0 · References 6

Packet Storm
added 2012/08/12 12:0 a.m. · 18 views

MobileCarty 1.0 Shell Upload / File Write

Exploit Title: MobileCartly 1.0 Multiple Vulnerabilities Date: 11/08/2012 Author: L0n3ly-H34rT Homepage: http://se3c.tk/ Contact: [email protected] Software Link : http://mobilecartly.com/mobilecartly.zip Tested on: Linux/Windows Remote File Upload : just upload shell.php here :...

AI score 0.1
Exploits 0

Saint
added 2011/10/24 12:0 a.m. · 42 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

CVSS 8.8 · AI score 6.8 · EPSS 0.7624
Exploits 11

Saint
added 2011/10/24 12:0 a.m. · 34 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

CVSS 8.8 · AI score 6.8 · EPSS 0.7624
Exploits 11

Packet Storm
added 2010/02/15 12:0 a.m. · 67 views

VideoLAN Client (VLC) Win32 smb:// URI Buffer Overflow

$Id: vlcsmburi.rb 8475 2010-02-13 06:58:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

CVSS 10 · AI score 0.6 · EPSS 0.633
Exploits 6

seebug.org
added 2008/10/07 12:0 a.m. · 37 views

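GdPicture Pro 'gdpicture4s.ocx' ActiveX control arbitrary file overwrite vulnerability

BUGTRAQ ID: 31504 CNCAN ID: CNCAN-2008100305 GdPicture Pro is an image management application that supports multiple formats. The gdpicture4s.ocx ActiveX control included with GdPicture Pro contains a design error that lets a remote attacker overwrite system files with the privileges of the application. The SaveAsPDF method allows files to be created and overwritten through the sFilePath parameter; by using other parameters, such as sTitle, an attacker can inject HTML code that is executed using the hcp:// protocol. GdPicturePro5.Imaging is also affected by this vulnerability. GdPicture GdPicture Pro GdPicture GdPicture...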

AI score 7.1
Exploits 0