Lucene search

5154 matches found

Tenable Nessus
added 2022/04/13 12:0 a.m. · 27 views

Ubuntu 18.04 LTS / 20.04 LTS : Gzip vulnerability (USN-5378-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5378-1 advisory. Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operatio...

CVSS: 8.8 · AI score: 7.1 · EPSS: 0.04301
Exploits: 0 · References: 2

Tenable Nessus
added 2022/04/13 12:0 a.m. · 32 views

SUSE SLES11 Security Update : xz (SUSE-SU-2022:14938-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:14938-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a...

CVSS: 8.8 · AI score: 7 · EPSS: 0.04301
Exploits: 0 · References: 4

Tenable Nessus
added 2022/04/13 12:0 a.m. · 34 views

Ubuntu 16.04 ESM : Gzip vulnerability (USN-5378-4)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5378-4 advisory. USN-5378-1 fixed a vulnerability in Gzip. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Tenable has extracted the preceding...

CVSS: 8.8 · AI score: 6.9 · EPSS: 0.04301
Exploits: 0 · References: 2

ATTACKERKB
added 2022/04/12 5:15 p.m. · 2 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVSS: 7.5 · AI score: 6 · EPSS: 0.0132
Exploits: 1 · References: 3

NVD
added 2022/04/12 5:15 p.m. · 46 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVSS: 7.5 · EPSS: 0.0132
Exploits: 1 · References: 2

OSV
added 2022/04/12 5:15 p.m. · 21 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

CVSS: 7.5 · AI score: 7
Exploits: 0 · References: 2

CVE
added 2022/04/12 4:29 p.m. · 125 views

CVE-2022-27261

CVE-2022-27261 describes an arbitrary file write vulnerability in Express-FileUpload v1.3.1. The issue allows uploading multiple files with the same name, leading to overwriting existing files on the web application server. Connected documents corroborate the affected product/version and impact, ...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.0132
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/04/12 4:29 p.m. · 49 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

AI score: 7.8 · EPSS: 0.0132
Exploits: 1 · References: 2

Huntr
added 2022/04/12 4:15 p.m. · 31 views

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write

Description: file.copy operations in GruntJS are vulnerable to a TOC-TOU race condition leading to arbitrary file write when an attacker can create a symlink just after deletion of the dest symlink by repeatedly calling ln -s /etc/shadow2 dest/shadow2 in a while loop but right before the symlink i...

CVSS: 6.9 · AI score: 0.2 · EPSS: 0.00296
Exploits: 1

Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-18338 · Unknown · Express-Fileupload

Name of the Vulnerable Software and Affected Versions: Express-FileUpload version 1.3.1 Description: The issue allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. This can be exploited due to an arbitrary file write...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.0132
Exploits: 1 · References: 8

BDU FSTEC
added 2022/04/12 12:0 a.m. · 4 views

The vulnerability of the gzip library, related to errors in file name processing, allows attackers to write any files into the system.

The vulnerability of the gzip library is related to errors in processing file names. Exploiting this vulnerability allows a malicious actor to write arbitrary files into the system using the command-line utilities zgrep and xzgrep...

CVSS: 7.1 · AI score: 6.8 · EPSS: 0.04301
Exploits: 0 · References: 18 · Affected Software: 11

OpenVAS
added 2022/04/11 12:0 a.m. · 16 views

Debian: Security Advisory (DLA-2976-1)

The remote host is missing an update for the Debian...

CVSS: 8.8 · AI score: 9.2 · EPSS: 0.04301
Exploits: 0 · References: 4

OpenVAS
added 2022/04/11 12:0 a.m. · 19 views

Debian: Security Advisory (DLA-2977-1)

The remote host is missing an update for the Debian...

CVSS: 8.8 · AI score: 9.2 · EPSS: 0.04301
Exploits: 0 · References: 4

Veracode
added 2022/04/10 10:49 p.m. · 35 views

Arbitrary File Write

libarchive is vulnerable to arbitrary file write. An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would...

CVSS: 7.8 · AI score: 3.3 · EPSS: 0.00366
Exploits: 0 · References: 7 · Affected Software: 1

Debian
added 2022/04/10 1:7 p.m. · 61 views

[SECURITY] [DLA 2977-1] xz-utils security update

Debian LTS Advisory DLA-2977-1 · https://www.debian.org/lts/security/ · Utkarsh Gupta · April 10, 2022 · https://wiki.debian.org/LTS ...

CVSS: 8.8 · AI score: 9.1 · EPSS: 0.04301
Exploits: 0

Tenable Nessus
added 2022/04/10 12:0 a.m. · 23 views

Debian DLA-2976-1 : gzip - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2976 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, th...

CVSS: 8.8 · AI score: 7 · EPSS: 0.04301
Exploits: 0 · References: 6

Tenable Nessus
added 2022/04/10 12:0 a.m. · 25 views

Debian DLA-2977-1 : xz-utils - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2977 advisory. An arbitrary-file-write vulnerability was discovered in xz-utils, which provides XZ-format compression utilities. For Debian 9 stretch, this problem has been fixed in versi...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.04301
Exploits: 0 · References: 6

Veracode
added 2022/04/08 12:12 p.m. · 24 views

Arbitrary File Write

hadoop-common is vulnerable to arbitrary file write. The vulnerability exists in the function unTar in FileUtil.java, which allows an attacker to extract arbitrary files using symlink name...

CVSS: 9.8 · AI score: 4.1 · EPSS: 0.04057
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2022/04/07 6:20 p.m. · 26 views

CVE-2022-26612 Arbitrary file write in FileUtil#unpackEntries on Windows

In Apache Hadoop, the unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...

AI score: 9.5 · EPSS: 0.04057
Exploits: 1 · References: 2

ATTACKERKB
added 2022/04/07 3:15 p.m. · 4 views

CVE-2022-26627

Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file...

CVSS: 8.8 · AI score: 6.2 · EPSS: 0.01385
Exploits: 1 · References: 2