48 matches found
GHSA-6GQR-MX34-WH8R Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection
TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to create pages, files or users (the pages.create, files.create or users.create permission is disabled). This can be due to configuration in the user blueprints, via options in the model blueprints or v...
CVE-2026-41325
Kirby exposes an authorization bypass vulnerability during creation of pages, files and users via dynamic blueprint injection. Prior to versions 4.9.0 and 5.4.0, an attacker could inject custom blueprint options (e.g., 'create' => true) into the model data, overriding permissions defined in us...
CVE-2026-41325 Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection
Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...
CVE-2026-30228 Parse Server: File creation and deletion bypasses `readOnlyMasterKey` write restriction
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.5 and 9.5.0-alpha.3, the readOnlyMasterKey can be used to create and delete files via the Files API POST /files/:filename, DELETE /files/:filename. This bypasses the...
USN-7942-2 glib2.0 vulnerabilities
USN-7942-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2025-3360 only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that GLib...
EUVD-2008-6554
Malware in sbrugna...
AZL-55159 CVE-2024-56588 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Create all dump files during debugfs initialization. For the current debugfs of hisi_sas, after the user triggers a dump, the driver allocates memory space to save the register information and creates debugfs files to displa...
PT-2024-31567 · Sonicwall · Sonicwall Connect Tunnel
Name of the Vulnerable Software and Affected Versions: SonicWall Connect Tunnel versions 12.4.3.271 and earlier. Description: The issue allows users with standard privileges to create arbitrary folders and files, potentially leading to a local Denial of Service (DoS) attack due to improper link...
CVE-2023-39480 Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...
Beckhoff TwinCAT OPC UA Server Path Traversal (CVE-2021-34594)
TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0, or with TcOpcUaServer versions below 3.2.0.194, is prone to a relative path traversal that allows administrators to create or delete any files on the system. This plugin only works with Tenable.ot. Please visit...
CVE-2019-7234
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloade...
CVE-2018-14651
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...
Code injection
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...
CVE-2017-16603
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...
MySQL / MariaDB / PerconaDB privilege escalation / race condition vulnerability (PoC) - vulnerability warning - the black bar safety net
Vulnerability discovered by: Dawid Golunski. Vulnerability level: severe. CVE numbers: CVE-2016-6663 / CVE-2016-5616. Affected versions: MariaDB < 5.5.52, < 10.1.18, < 10.0.28; MySQL <= 5.5.51, <= 5.6.32, <= 5.7.14; Percona Server < 5.5.51-38.2, < 5.6.32-78.1, < 5.7.14-8; Percona XtraDB Cluster < 5.6.32-25.17...
LXC directory traversal
Directory traversal on lock files creation...
Jython weak permissions
Weak permissions on cache files creation...
C-BOARD Moyuku Remote Code Execution Vulnerability
C-BOARD Moyuku is a forum program. C-BOARD Moyuku does not properly filter user input, allowing attackers to create arbitrary files and execute them...