5147 matches found

SonicWall
added 2020/07/16 9:01 a.m. | 8 views

SonicWall NetExtender arbitrary file write vulnerability

The SonicWall NetExtender Windows client is vulnerable to an arbitrary file write, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. CVE: CVE-2020-5131. Last updated: July 16, 2020, 9:01 a.m...

CVSS 7.1 | AI score 7.3 | EPSS 0.00548
Exploits 0
CNVD
added 2020/07/15 12:00 a.m. | 2 views

Adobe Creative Cloud Desktop Application Backlink Vulnerability (NVD-C-2020-154995)

Adobe Creative Cloud Desktop Application is a suite of applications for managing applications and services in the Creative Cloud Membership Management Center from Adobe USA. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...

CVSS 10 | AI score 6.9 | EPSS 0.04306
Exploits 0 | References 1
BDU FSTEC
added 2020/07/15 12:00 a.m. | 4 views

The vulnerability of the EPUB Sigil software for editing e-books lies in the incorrect path limitation for accessing the restricted catalog. This allows attackers to write arbitrary files into any directory they choose.

The vulnerability of EPUB format electronic book editing software like Sigil exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to any directory...

CVSS 7.8 | AI score 7.3 | EPSS 0.03694
Exploits 0 | References 10 | Affected Software 3
CNVD
added 2020/07/08 12:00 a.m. | 2 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-38175)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to write arbitrary files in the SD card area...

CVSS 5.5 | AI score 6.8 | EPSS 0.00131
Exploits 0 | References 1
Veracode
added 2020/06/25 3:10 a.m. | 25 views

Arbitrary File Write

github.com/sassoftware/go-rpmutils is vulnerable to arbitrary file write. The vulnerability exists as the extract function in cpio/extracttest.go does not restrict the filepath path to the dest, allowing extraction outside the permitted cpio path...

CVSS 7.5 | AI score 3.4 | EPSS 0.01602
Exploits 1 | References 1 | Affected Software 1
Veracode
added 2020/06/24 3:53 a.m. | 14 views

Directory Traversal

github.com/unknwon/cae is vulnerable to directory traversal. The vulnerability exists as the ExtractTo function does not sanitize file paths in zip archives, allowing ../ in file path to be resolved outside the intended extraction folder and potentially allowing arbitrary file write...

CVSS 7.5 | AI score 5 | EPSS 0.01332
Exploits 1 | References 1 | Affected Software 1
Veracode
added 2020/06/23 11:01 p.m. | 22 views

Arbitrary File Write

github.com/unknwon/cae/zip is vulnerable to an arbitrary file write (Zip Slip) vulnerability. Lack of sanitization of the zip archive file path destPath in the function ExtractToFunc for file names with leading or non-leading ".." allows a malicious user to rewrite files system-wide...

CVSS 7.5 | AI score 2.2 | EPSS 0.01419
Exploits 1 | References 1 | Affected Software 1
OSV
added 2020/06/23 7:38 p.m. | 4 views

CVE-2020-7664

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

CVSS 7.5 | AI score 7.1
Exploits 0 | References 1
Snyk
added 2020/06/20 12:38 p.m. | 2 views

Directory Traversal

Overview: fast-http is a library that allows you to create a tiny web server. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in the path provided at fs.readFile in index.js. PoC by JHU System Security Lab: 1. Start the server var Server =...

CVSS 7.5 | AI score 7.5 | EPSS 0.01761
Exploits 1 | References 2
RedHat Linux
added 2020/06/19 3:46 a.m. | 5 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

CVSS 8.1 | AI score 7.5 | EPSS 0.03342
Exploits 0 | References 4
Cvelist
added 2020/06/17 4:00 p.m. | 30 views

CVE-2020-7668 Arbitrary File Write via Archive Extraction (Zip Slip)

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

CVSS 7.5 | AI score 7.5 | EPSS 0.01332
Exploits 1 | References 1
Cvelist
added 2020/06/17 4:00 p.m. | 22 views

CVE-2020-7664 Arbitrary File Write via Archive Extraction (Zip Slip)

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

CVSS 7.5 | AI score 7.5 | EPSS 0.01419
Exploits 1 | References 1
Snyk
added 2020/06/16 3:58 p.m. | 3 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: github.com/helm/helm/pkg/plugin/installer is a Kubernetes Package Manager. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). When installing Helm plugins from a tar archive over HTTP, it is possible for a malicious plugin author to...

CVSS 8.8 | AI score 7.7 | EPSS 0.01458
Exploits 0 | References 2
Snyk
added 2020/06/16 3:58 p.m. | 2 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: helm.sh/helm/v3/pkg/plugin/installer is a Kubernetes Package Manager. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). When installing Helm plugins from a tar archive over HTTP, it is possible for a malicious plugin author to injec...

CVSS 8.8 | AI score 7.7 | EPSS 0.01458
Exploits 0 | References 2
Veracode
added 2020/06/15 5:25 a.m. | 8 views

Arbitrary File Write

php-ews/php-ews is vulnerable to arbitrary file write. The vulnerability allows a malicious user to overwrite arbitrary files by sending a message containing an attachment with filename foo/../../../../../etc/passwd...

AI score 3.5
Exploits 0
Tenable Nessus
added 2020/06/11 12:00 a.m. | 42 views

FreeBSD : NPM -- Multiple vulnerabilities (2a3588b4-ab12-11ea-a051-001b217b3468)

NPM reports: Global node_modules Binary Overwrite; Symlink reference outside of node_modules; Arbitrary File Write. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine and...

CVSS 8.1 | AI score 7.2 | EPSS 0.03342
Exploits 0 | References 5
Check Point Advisories
added 2020/06/10 12:00 a.m. | 3 views

Zoom Client Arbitrary File Write (CVE-2020-6109)

An arbitrary file write vulnerability exists in Zoom Client. Successful exploitation of this vulnerability could result in code execution on the affected system...

CVSS 7.5 | AI score 3.7 | EPSS 0.04914
Exploits 1
CNVD
added 2020/06/10 12:00 a.m. | 2 views

Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2020-61590)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge based on Chromium that stems from the Feedback extension not properly validating input. An attacker can exploit the vulnerability to writ...

CVSS 5.9 | AI score 6.7 | EPSS 0.02545
Exploits 1 | References 1
BDU FSTEC
added 2020/06/10 12:00 a.m. | 2 views

The vulnerability of the microprogrammed control module software for Schneider Electric Easergy T300 (HU250) automation systems for transformer substations involves insecure management of privileges. This allows attackers to escalate their privileges and perform arbitrary file writing and deletion operations on the device.

The vulnerability of the microprogrammed control module software for Schneider Electric Easergy T300 HU250 automation systems for transformer substations is related to insecure privilege management. Exploiting this vulnerability allows an attacker to escalate their privileges and perform arbitrar...

CVSS 9 | AI score 7.2 | EPSS 0.0119
Exploits 0 | References 2 | Affected Software 1
Packet Storm
added 2020/06/04 12:00 a.m. | 190 views

Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write

Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write
Vendor: Secure Computing Corp.
Product web page: http://www.securecomputing.com
Affected version: 3.1.5u1
Summary: The SG gateway appliance range provides Internet security and privacy of communications for small...

AI score 0.1
Exploits 0