5154 matches found

CNNVD
added 2022/03/20 12:0 a.m. · 3 views

DWSurvey Code Issue Vulnerability

DWSurvey is a survey system written in Java. DWSurvey v3.2.0 has a security vulnerability that allows an attacker to write arbitrary files via the component /utils/ToHtmlServlet.java...

9.8 CVSS · 8.3 AI score · 0.01195 EPSS
Exploits 1 · References 2

Github Security Blog
added 2022/03/18 5:40 p.m. · 31 views

Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So...

5.3 CVSS · 2.6 AI score · 0.01038 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/03/18 5:40 p.m. · 23 views

GHSA-VW83-H3MQ-3QWJ Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So...

5.3 CVSS · 4.5 AI score · 0.01038 EPSS
Exploits 0 · References 2

OSV
added 2022/03/10 10:7 p.m. · 34 views

GHSA-6H3M-36W8-HV68 Arbitrary file write in nats-server

This document is canonically: Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. JetStream is the optional RAFT-based resilient persistent feature of NATS. Problem Description The JetStream...

6.5 CVSS · 6.3 AI score · 0.02251 EPSS
Exploits 0 · References 9

OSV
added 2022/03/10 5:47 p.m. · 2 views

DEBIAN-CVE-2022-26520

In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...

9.8 CVSS · 7.9 AI score · 0.02928 EPSS
Exploits 0 · References 1

UbuntuCve
added 2022/03/10 5:47 p.m. · 47 views

CVE-2022-26520

In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...

9.8 CVSS · 7.1 AI score · 0.02928 EPSS
Exploits 0 · References 3

CNNVD
added 2022/03/10 12:0 a.m. · 3 views

Luocms Security Vulnerability

Luocms v2.0 is an article management system. Luocms v2.0 is vulnerable to an arbitrary file-writing vulnerability that results from insufficient validation of filecontent submissions and filenamede filenames, which can be exploited to write arbitrary shell files via /admin/templates/templatemanag...

10 CVSS · 5.8 AI score · 0.01526 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/03/10 12:0 a.m. · 4 views

PT-2022-17985 · Unknown · Nats Server +1

Name of the Vulnerable Software and Affected Versions: NATS Server versions 2.2.0 through 2.7.3 NATS Streaming Server versions 0.15.0 through 0.24.2 Description: The issue allows for Directory Traversal with write access via an element in a ZIP archive for JetStream streams, enabling arbitrary fi...

6.5 CVSS · 7.1 AI score · 0.02251 EPSS
Exploits 0 · References 13

Snyk
added 2022/03/04 2:5 p.m. · 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to a possible load of system library files from an unintended working directory. Details A Directory Traversal attack also known as path traversal aims to access files and directories that are stored outside the...

7.5 CVSS · 7.6 AI score · 0.01884 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2022/03/04 12:0 a.m. · 3 views

The vulnerability of the Windows Defender antivirus program for the Windows operating system, related to the disclosure of information in the erroneous data area, allows a perpetrator to write arbitrary files.

The vulnerability of the Windows Defender antivirus program in the Windows operating system is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows a malicious individual to identify locations in the file system that are excluded from Windows...

6.8 CVSS · 5.6 AI score
Exploits 0 · References 2

NVD
added 2022/03/03 10:15 p.m. · 19 views

CVE-2021-3762

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...

9.8 CVSS · 0.04513 EPSS
Exploits 1 · References 6

Prion
added 2022/03/03 10:15 p.m. · 21 views

Directory traversal

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...

7.5 CVSS · 9.7 AI score · 0.04513 EPSS
Exploits 1 · References 6 · Affected Software 2

CVE
added 2022/03/03 9:41 p.m. · 84 views

CVE-2021-3762

CVE-2021-3762 affects Clair’s ClairCore engine (directory traversal in Clair/ClairCore) that allows arbitrary file writes when scanning a crafted container image, potentially enabling remote code execution. Several connected sources corroborate a path-traversal vulnerability within the ClairCore...

9.8 CVSS · 9.6 AI score · 0.04513 EPSS
Exploits 1 · References 6 · Affected Software 1

Positive Technologies
added 2022/02/25 12:0 a.m. · 2 views

PT-2022-5801 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 7.0.0 through 7.0.3 FortiClientWindows versions 6.4.0 through 6.4.7 FortiClientWindows versions 6.2.0 through 6.2.9 FortiClientWindows versions 6.0.0 through 6.0.10 Description: The issue is related to insecure...

7.7 CVSS · 6.8 AI score · 0.00296 EPSS
Exploits 0 · References 11

Snyk
added 2022/02/21 3:33 p.m. · 2 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for...

9.8 CVSS · 8 AI score · 0.03481 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/02/21 7:58 a.m. · 4 views

CVE-2022-25297

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...

8.8 CVSS · 7.3 AI score · 0.01867 EPSS
Exploits 1 · References 4

Cvelist
added 2022/02/18 12:55 p.m. · 29 views

CVE-2022-25299 Arbitrary File Write

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload method may enable attackers to write files to arbitrary locations outside the designated target folder...

9.8 CVSS · 9.8 AI score · 0.01411 EPSS
Exploits 1 · References 2

CNNVD
added 2022/02/18 12:0 a.m. · 3 views

Cesanta Mongoose Security Vulnerability

Cesanta Mongoose is a set of embedded server libraries from the Irish company Cesanta, which includes features for TCP, HTTP clients and servers, and WebSocket clients and servers. A security vulnerability exists in mongoose, which stems from the use of the mg_http_upload method's insecure handli...

9.8 CVSS · 7.4 AI score · 0.01411 EPSS
Exploits 1 · References 4

OSV
added 2022/02/16 12:8 a.m. · 1 views

GHSA-673J-QM5F-XPV8 pgjdbc Arbitrary File Write Vulnerability

Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...

9.8 CVSS · 7.3 AI score · 0.02928 EPSS
Exploits 0 · References 3

Github Security Blog
added 2022/02/16 12:8 a.m. · 75 views

pgjdbc Arbitrary File Write Vulnerability

Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...

8.1 AI score
Exploits 0 · References 3 · Affected Software 1