
20 matches found

Vulnrichment
added 2026/04/03 12:0 a.m. | 1 view

CVE-2025-59711

An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal...

AI score: 5.9 | EPSS: 0.00805
Exploits: 0 | References: 1

Snyk
added 2026/03/13 6:55 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...

CVSS: 8.1 | AI score: 6.3 | EPSS: 0.00026
Exploits: 0 | References: 2

OSV
added 2026/01/09 8:15 a.m. | 1 view

UBUNTU-CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00021
Exploits: 1 | References: 2

OSV
added 2026/01/08 5:15 p.m. | 0 views

CVE-2025-59469

This vulnerability allows a Backup or Tape Operator to write files as root...

CVSS: 9 | AI score: 5.8
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/08 7:31 a.m. | 7 views

CVE-2025-7376

Windows Shortcut Following .LNK vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions...

CVSS: 5.9 | AI score: 6 | EPSS: 0.00017
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:33 a.m. | 4 views

CVE-2023-5834

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00083
Exploits: 0

NVD
added 2025/05/13 3:15 p.m. | 5 views

CVE-2025-22859

A Relative Path Traversal vulnerability CWE-23 in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests...

CVSS: 5.3 | EPSS: 0.00324
Exploits: 0 | References: 1

Amazon
added 2025/01/22 12:0 a.m. | 3 views

Important: rsync

Issue Overview: A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.1902
Exploits: 4

OSV
added 2024/08/12 1:38 p.m. | 0 views

CVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority...

CVSS: 7.5 | AI score: 7.7
Exploits: 0 | References: 1

OSV
added 2024/03/06 10:52 a.m. | 24 views

BIT-FLINK-2020-17518 Apache Flink directory traversal attack: remote file writing through the REST API

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.93803
Exploits: 1 | References: 25

NVD
added 2023/08/14 7:15 p.m. | 8 views

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00033
Exploits: 1 | References: 1

AlpineLinux
added 2023/03/15 12:0 a.m. | 22 views

CVE-2023-28371

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.01068
Exploits: 0 | References: 9

CVE
added 2023/03/15 12:0 a.m. | 360 views

CVE-2023-28371

CVE-2023-28371 affects Stellarium up to version 1.2, enabling arbitrary file writes via absolute pathnames or .. directory traversal. Connected advisories confirm the root cause is improper file write permissions within Stellarium’s handling of path traversal. Impact is high (potential data discl...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.01068
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2022/06/14 7:15 p.m. | 11 views

CVE-2022-31590

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...

CVSS: 7.8 | EPSS: 0.00039
Exploits: 0 | References: 2

CVE
added 2022/05/17 8:15 p.m. | 69 views

CVE-2022-1359

The CVE-2022-1359 entry describes an arbitrary file-write path traversal vulnerability in Cambium Networks cnMaestro On-Premises. An attacker can supply ../ in a filename to write data to arbitrary server files via a restricted pathname in a specific route. This affects On-Premise cnMaestro and c...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00293
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/04/22 8:30 p.m. | 64 views

CVE-2021-3722

The CVE-2021-3722 entry affects Lenovo PCManager prior to version 4.0.40.2175. It describes a vulnerability where installation could allow configuration files to be written to non-standard locations, impacting availability. The connected documents provide no details on exploit steps, affected pro...

CVSS: 5 | AI score: 5.1 | EPSS: 0.00034
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2016/09/29 2:59 p.m. | 13 views

CVE-2016-4386

HPE Network Automation Software 10.10 allows local users to write to arbitrary files via unspecified vectors...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.0005
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

PHP 5.3 'mail.log' Configuration Option 'open_basedir' Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36007/info PHP is prone to an 'openbasedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to write files in unauthorized locations. This vulnerability would be an...

AI score: 6.7
Exploits: 0

exploitpack
added 2006/04/10 12:0 a.m. | 12 views

PHP 4.x - copy() Safe_Mode Bypass

PHP 4.x - copy SafeMode Bypass source: https://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...

AI score: 0.1
Exploits: 0

securityvulns
added 2000/05/25 12:0 a.m. | 31 views

File system vulnerability in AIX

Under certain conditions, a user can write a file even without having permission to do so...

AI score: 0.4
Exploits: 0 | References: 1 | Affected Software: 1