5147 matches found
Cisco TelePresence CE Software CVE-2019-15962 Local Arbitrary File Write Vulnerability
Description Cisco TelePresence Collaboration Endpoint Software is prone to a local arbitrary file-write vulnerability. Successful exploits may allow an attacker to write arbitrary files on the root directory. This issue is being tracked by Cisco Bug ID CSCvq47315. Technologies Affected Cisco...
cPanel Injection Vulnerability (CNVD-2019-36138)
cPanel is a Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An injection vulnerability exists in cPanel versions prior to 11.54.0.4. The vulnerability stems from a lack of proper validation...
Arbitrary File Write
Overview Versions of decompress prior to 4.2.1 are vulnerable to Arbitrary File Write. The package fails to prevent extraction of files with relative paths, allowing attackers to write to any folder in the system by including filenames containing ../. Recommendation Upgrade to version 4.2.1 or...
Directory Traversal
Overview iobroker.admin is a user interface for configuration and administration of ioBroker. Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file contents from outside the /log/file1/ directory. Note: The attacker has to be logged in if the...
Arbitrary File Write
github.com/kubernetes/kubernetes is vulnerable to arbitrary file write. The kubectl cp command does not safely process symlinks during unpacking, which would allow an attacker to unpack files outside of the destination directory...
Symlink Arbitrary File Overwrite in bower
Versions of bower prior to 1.8.8 are affected by an arbitrary file write vulnerability. The vulnerability occurs because bower does not verify that extracted symbolic links do not resolve to targets outside of the extraction root directory. Recommendation Update to version 1.8.8 or later...
Siemens SIMATIC WinCC PdlComponents.dll control has an arbitrary file write vulnerability
Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information with the PN-DCP protocol at the Ethernet layer. An arbitrary file write vulnerability exists in the Siemens SIMATIC WinCC PdlComponents.dll...
CVE-2019-5484
Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...
MGASA-2019-0250 Updated mercurial packages fix security vulnerability
It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this vulnerability to write arbitrary files to the target’s filesystem CVE-2019-3902...
MGASA-2019-0249 Updated sigil packages fix security vulnerability
Updated sigil package fixes security vulnerability: Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem CVE-2019-14452...
USN-4123-1 npm/fstream vulnerability
It was discovered that npm/fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem...
OPENSUSE-SU-2019:2050-1 Security update for httpie
This update for httpie fixes the following issues: httpie was updated to version 1.0.3: Fix CVE-2019-10751 HTTPie is vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a...
UBUNTU-CVE-2019-11246
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...
DEBIAN-CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...
CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...
PYSEC-2019-23
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...
UBUNTU-CVE-2019-10751
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or her control...
Jspxcms has an arbitrary file write vulnerability
Jspxcms is a scalable enterprise-class open source web content management system CMS. Jspxcms has an arbitrary file write vulnerability that can be exploited by attackers to gain server privileges...
PYSEC-2019-106
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...