Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/sassoftware/go-rpmutils/cpio is a package for parsing and extracting content from RPM files. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. The CPIO extraction functionality doesn't sanitize the paths of the archived...

CVE-2020-1070

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1048...

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability (CNVD-2019-37414)

Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint CE versions prior to 9.8.1 due to an improperly implemented privilege. An attacker can exploit the vulnerability to overwrite arbitrary files by logging in and...

PYSEC-2019-36

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...

Pulse Secure Desktop Client for Windows Arbitrary File Write Vulnerability

Pulse Secure Desktop Client for Windows is a suite of Windows-based client software from Pulse Secure, Inc. for end devices that access Juniper Pulse Secure gateways. A security vulnerability exists in Pulse Secure Desktop Client versions 5.3 through R6.0 build 1769 for Windows-based platforms. T...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview org.zeroturnaround:zt-zip is a library that helps to create, modify or extract ZIP archives. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". It is exploited using a specially crafted zip archive, that holds path traversal...