
10 matches found

Snyk
added 2026/05/14 1:12 p.m. · 5 views

Arbitrary File Upload

Overview: @strapi/upload is a package that makes it easy to upload images and files to your Strapi application. Affected versions of this package are vulnerable to Arbitrary File Upload via the Content API uploadFiles and replaceFile handlers, which bypass administrator-configured MIME type restrictions. An...

5.4 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits: 0 · References: 2
NVD
added 2024/10/14 11:15 p.m. · 21 views

CVE-2024-30117

A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances...

5.3 CVSS · 0.00075 EPSS
Exploits: 0 · References: 1
CVE
added 2024/06/27 9:36 a.m. · 48 views

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

9.8 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits: 0 · References: 2
SUSE CVE
added 2024/05/28 3:33 a.m. · 1 views

SUSE CVE-2021-47433

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfs_replace_file_extents. Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the if statement to decide...

5.5 CVSS · 6.8 AI score · 0.00015 EPSS
Exploits: 0 · References: 8
OSV
added 2024/05/22 7:15 a.m. · 1 views

DEBIAN-CVE-2021-47433

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfs_replace_file_extents. Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the if statement to decide...

5.5 CVSS · 5.7 AI score · 0.00015 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/05/22 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an abort logic error in btrfs_replace_file_extents...

5.5 CVSS · 6.5 AI score · 0.00015 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2024/05/17 12:0 a.m. · 2 views

PT-2024-26273 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.113. Description: The issue is related to Cross Site Scripting (XSS) and can be exploited via the sys_data_replace.php file. Recommendations: For DedeCMS version 5.7.113, at the moment, there is no information about a newer...

5.5 CVSS · 6 AI score · 0.00153 EPSS
Exploits: 1 · References: 4
NVD
added 2020/09/04 4:15 a.m. · 9 views

CVE-2020-23834

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem...

8.8 CVSS · 8.7 AI score · 0.00032 EPSS
Exploits: 1 · References: 2
0day.today
added 2017/09/04 12:0 a.m. · 38 views

RubyGems < 2.6.13 - Arbitrary File Overwrite Exploit

Exploit for linux platform in category local exploits. There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file...

6.4 CVSS · 8.7 AI score · 0.20215 EPSS
Exploits: 2
NVD
added 2013/10/01 12:55 a.m. · 8 views

CVE-2013-5725

The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL...

5 CVSS · 6.5 AI score · 0.00243 EPSS
Exploits: 3 · References: 1