1646 matches found
Generic Zip Slip Traversal Vulnerability
This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive...
CVE-2018-20990
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...
Design/Logic Flaw
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...
CVE-2019-3974
CVE-2019-3974 affects Tenable Nessus on Windows (versions 8.5.2 and earlier). The issue allows arbitrary overwriting of certain system files, potentially causing a denial-of-service condition. Root cause: file overwrite flaw in Nessus’ Windows file handling. Affected product/version per sources: ...
Security update for icedtea-web (important)
openSUSE Security Update: Security update for icedtea-web Announcement ID: openSUSE-SU-2019:1911-1 Rating: important References: 1142825 1142832 1142835 Cross-References: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities ...
RHEL 8 : icedtea-web (RHSA-2019:2004)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2004 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...
Arbitrary File Overwrite
keepalived is vulnerable to arbitrary file overwrite. The vulnerability exists as there is an improper pathname validation that allows for overwrite of arbitrary filenames via symlinks...
Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability (CNVD-2019-38857)
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A path traversal vulnerability exists in the CLI for Cisco Enterprise NFV...
CVE-2016-10804
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58)...
Design/Logic Flaw
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58)...
CVE-2016-10804
The CVE-2016-10804 issue affects cPanel prior to 57.9999.54, where the SQLite journal feature can cause arbitrary file overwrites during Horde Restore (SEC-58). Root cause: misuse of the SQLite journal leads to write operations to arbitrary files. Impact (per sources): High, with potential confid...
CVE-2016-10770
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164)...
CVE-2016-10770
CVE-2016-10770 affects cPanel prior to 60.0.25. The vulnerability allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). The provided documents consistently describe this as a cPanel issue related to the update process, with no additional technical details (e.g., affected...
CVE-2017-18464
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226)...
Design/Logic Flaw
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226)...
Directory Traversal
icedtea-web is vulnerable to directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite...
Design/Logic Flaw
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303)...