CVE-2024-31850
https://notcve.org/view.php?id=CVE-2024-31850
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. Existe una vulnerabilidad de path traversal en la versión Java de CData Arc < 23.4.8839 cuando se ejecuta utilizando el servidor Jetty integrado, lo que podría permitir que un atacante remoto no autenticado obtenga acceso a información confidencial y realice acciones limitadas. • https://github.com/Stuub/CVE-2024-31848-PoC https://www.tenable.com/security/research/tra-2024-09 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-24243
https://notcve.org/view.php?id=CVE-2023-24243
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). • https://arc.cdata.com https://arc.cdata.com/trial https://gist.github.com/d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8 https://www.cdata.com/kb/entries/netembeddedserver-notice.rst • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2015-9275
https://notcve.org/view.php?id=CVE-2015-9275
ARC 5.21q allows directory traversal via a full pathname in an archive file. ARC 5.21q permite saltos de directorio mediante un nombre de ruta completo en un archivo. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00048.html https://bugs.debian.org/774527 https://bugzilla.redhat.com/show_bug.cgi?id=1179142 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2005-2992
https://notcve.org/view.php?id=CVE-2005-2992
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945. • http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0535.html http://marc.info/?l=bugtraq&m=112689596714383&w=2 http://secunia.com/advisories/16805 http://secunia.com/advisories/17068 http://securityreason.com/securityalert/11 http://www.debian.org/security/2005/dsa-843 •
CVE-2005-2945
https://notcve.org/view.php?id=CVE-2005-2945
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). • http://marc.info/?l=bugtraq&m=112689596714383&w=2 http://secunia.com/advisories/16805 http://secunia.com/advisories/17068 http://www.debian.org/security/2005/dsa-843 http://www.zataz.net/adviso/arc-09052005.txt •