77 matches found
APSB24-55 : Security update available for Adobe After Effects
Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses critical, important and moderate security vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak and arbitrary file system write in the context of the current us...
Adobe After Effects < 23.6.9 / 24.0 < 24.6 Multiple Vulnerabilities (APSB24-55)
The version of Adobe After Effects installed on the remote Windows host is prior to 23.6.9, 24.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-55 advisory. - After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability...
PT-2024-5138
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on...
Traccar 代码问题漏洞
Traccar is a Java-based website builder that provides GPS tracking functionality from Traccar Inc. in the United States. The software supports more than 170 GPS protocols and more than 1500 models of GPS tracking devices.Traccar can be used with any major SQL database system . It also provides an...
BIT-MAGENTO-2021-28584 Magento Commerce path traversal vulnerability in child theme store creation
Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required...
Siemens RUGGEDCOM CROSSBOW
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
GHSA-WM5G-P99Q-66G4 elFinder vulnerable to path traversal in LocalVolumeDriver connector
Impact Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system. This issue was caused by incomplete validity checking of the supplied request parameters. That problem has been fixed in...
AVG Technologies AVG Antivirus 安全漏洞
AVG Technologies AVG Antivirus is a suite of antivirus software from the Czech company AVG Technologies. A security vulnerability exists in AVG Technologies AVG Antivirus prior to version 22.10, which originates from a vulnerability that allows an attacker with file system write privileges to...
PT-2022-18227 · WordPress · Import Any Xml/Csv File To Wordpress
Name of the Vulnerable Software and Affected Versions: Import any XML or CSV File to WordPress plugin versions prior to 3.6.9 Description: The issue allows highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path...
CVE-2022-38424
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
Path traversal
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
CVE-2022-38424 Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
CVE-2022-38424 Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write
Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...
APSB22-44: Security updates available for ColdFusion
Adobe has released security updates for ColdFusion versions 2021 and 2018. These updates resolve Critical, Important and Moderate vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, security feature bypass and privilege escalation...
CVE-2022-31219
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...
APSB22-25 : Security update available for Adobe Bridge
Adobe has released a security update for Adobe Bridge. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, arbitrary file system write and memory leak...
Magento Path Traversal vulnerability
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...
GHSA-7GPV-XRJR-F5H4 Magento Path Traversal vulnerability
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...
CVE-2022-25165
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...
Amazon AWS VPN Client 安全漏洞
Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client for Windows version 2.0.0, which stems from the disclosure of a user's Net-NTLMv2 hash when importing VPN configuration files. information, an attacke...