13 matches found

Snyk
added 2026/02/05 12:37 a.m., 2 views

Missing Authentication for Critical Function

Overview: @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the upload API. An attacker can overwrite arbitrary files on the server filesystem by sending crafted...

CVSS 9.8, AI score 6.2, EPSS 0.00775
Exploits 3, References 3
Snyk
added 2026/02/05 12:37 a.m., 2 views

Missing Authentication for Critical Function

Overview: fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the upload API. An attacker can overwrite arbitrary files on the server filesystem by sending crafted request...

CVSS 9.8, AI score 6.2, EPSS 0.00775
Exploits 3, References 3
Snyk
added 2026/02/02 12:31 p.m., 2 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the /3/Parse and /3/Frames/framename/export endpoints. An attacker can overwrite arbitrary files on the server, including sensitive files such as private SSH keys or script files, by injecting...

CVSS 9.1, AI score 6.7, EPSS 0.00165
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-6978

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6.9, EPSS 0.00107
Exploits 1, References 4
RedhatCVE
added 2025/05/22 5:55 p.m., 4 views

CVE-2020-25237

A vulnerability has been identified in SINEC NMS All versions V1.0 SP1 Update 1, SINEMA Server All versions V14.0 SP2 Update 2. When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within th...

CVSS 8.1, AI score 6.7, EPSS 0.02823
Exploits 0
NVD
added 2025/03/20 10:15 a.m., 5 views

CVE-2024-9415

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server...

CVSS 8.8, EPSS 0.02736
Exploits 1, References 1
CVE
added 2025/03/20 10:9 a.m., 60 views

CVE-2024-6854

CVE-2024-6854 affects h2oai/h2o-3 (v3.46.0). The export-model endpoint does not restrict the destination path, enabling an attacker to export a model to arbitrary locations on the server’s filesystem and overwrite files. The overwrite target content is not controllable by the attacker, but the at...

CVSS 7.1, AI score 6.9, EPSS 0.00107
Exploits 1, References 1, Affected Software 1
GithubExploit
added 2024/04/18 5:7 p.m., 77 views

Exploit for CVE-2024-32258

Overview - CVE ID: CVE-2024-32258 https://vulners.com/...

CVSS 8.8, AI score 7.8, EPSS 0.55746
Exploits 1
CNNVD
added 2023/12/04 12:0 a.m., 1 views

Dell DM5500 path traversal vulnerability

The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from a path traversal vulnerability that stems from a failure to properly filter special elements in the path of a...

CVSS 6.5, AI score 6.7, EPSS 0.017
Exploits 0, References 1
CNNVD
added 2023/04/21 12:0 a.m., 1 views

MindsDB path traversal vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A path traversal vulnerability exists in MindsDB version v23.1.5.0 and prior versions, which stems from performing an insecure extraction from a remotely retrieved tarball using tarfile.extractall, resulting in writing t...

CVSS 7.5, AI score 6.5, EPSS 0.00649
Exploits 1, References 4
CNNVD
added 2023/01/20 12:0 a.m., 1 views

Reprise Software Reprise License Manager path traversal vulnerability

Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications. A path traversal vulnerability exis...

CVSS 8.1, AI score 7.8, EPSS 0.00707
Exploits 0, References 4
OSV
added 2020/11/19 12:15 a.m., 17 views

CVE-2020-13355

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: =8.14, =13.4, =13.5, 13.5.2...

CVSS 8.1, AI score 6.3, EPSS 0.00334
Exploits 0, References 3
OSV
added 2010/07/06 5:17 p.m., 5 views

CVE-2010-2251

The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted...

AI score 7
Exploits 0, References 15