3 matches found
GHSA-CCJC-4QC3-JXQC Incus has an arbitrary file write via path traversal in S3 multipart upload
Summary The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution. In internal/server/storage/s3/local/multipart.go, user-controlled upload ID is appended to the uploads directory...
CVE-2023-46808
An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user...
CVE-1999-1510
BisonFTP Server (Bisonware) is vulnerable: versions prior to 4.1 are affected by a buffer overflow in FTP command handlers (USER, LIST, CWD). Exploitation can cause remote denial of service and may allow arbitrary command execution. Public PoCs/exploits exist (e.g., Metasploit/MIS, OpenVAS refere...