
5147 matches found

PyPA
added 2019/08/22 4:15 p.m. | 4 views

PYSEC-2019-106

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction...

CVSS 7.5 | AI score 7.1 | EPSS 0.05831
Exploits: 2 | References: 9 | Affected Software: 1

OSV
added 2019/08/22 4:15 p.m. | 1 view

PYSEC-2019-36

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction...

CVSS 7.5 | AI score 7.2 | EPSS 0.05831
Exploits: 2 | References: 8

OSV
added 2019/08/20 1:46 p.m. | 1 view

USN-4106-1 NLTK vulnerability

Mike Salvatore discovered that NLTK mishandled crafted ZIP archives during extraction. A remote attacker could use this vulnerability to write arbitrary files to the filesystem...

CVSS 7.5 | AI score 7.2 | EPSS 0.05831
Exploits: 2 | References: 2

OSV
added 2019/08/20 12:0 a.m. | 0 views

UBUNTU-CVE-2019-14751

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction...

CVSS 7.5 | AI score 7.2 | EPSS 0.05831
Exploits: 2 | References: 6

Tenable Nessus
added 2019/08/20 12:0 a.m. | 40 views

RHEL 7 : OpenShift Container Platform 3.11 jenkins (RHSA-2019:2503)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2503 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

CVSS 7.5 | AI score 6.4 | EPSS 0.10225
Exploits: 1 | References: 8

RedHat Linux
added 2019/08/15 1:29 p.m. | 1 view

jenkins: Arbitrary file write vulnerability using file parameter definitions (SECURITY-1424)

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...

CVSS 6.5 | AI score 5.9 | EPSS 0.10225
Exploits: 1 | References: 5

RedHat Linux
added 2019/08/15 1:29 p.m. | 57 views

Important: Red Hat Security Advisory: OpenShift Container Platform 3.11 jenkins security update

An update for jenkins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.6 | EPSS 0.10225
Exploits: 1 | References: 4

BDU FSTEC
added 2019/08/13 12:0 a.m. | 3 views

The vulnerability in the web interface for managing Cisco Small Business Series 220 routers allows a perpetrator to write arbitrary files to the device’s file system.

The vulnerability of the Cisco Small Business Series 220 router management web interface is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the device’s file system by sending specially crafted HTTP or HTTPS...

CVSS 10 | AI score 5.6 | EPSS 0.17037
Exploits: 2 | References: 3 | Affected Software: 1

BDU FSTEC
added 2019/08/13 12:0 a.m. | 6 views

The vulnerability of the IcedTea-Web plugin, related to errors in processing JNLP files, allows a hacker to write any files into the device’s file system.

The vulnerability of the IcedTea-Web plugin is related to errors in processing JNLP files. Exploiting this vulnerability allows a remote attacker to write arbitrary files to the device’s file system using a specially created application...

CVSS 8.5 | AI score 5.7 | EPSS 0.02743
Exploits: 0 | References: 6 | Affected Software: 5

Veracode
added 2019/08/07 5:17 a.m. | 29 views

Arbitrary File Write

github.com/containers/libpod is vulnerable to arbitrary file write. The vulnerability exists through a symlink attack where an administrator can copy a file from the container to the host system...

CVSS 7.2 | AI score 2.4 | EPSS 0.0046
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2019/08/05 12:15 p.m. | 2 views

CVE-2019-14521

The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter...

CVSS 7.5 | AI score 7.2 | EPSS 0.02446
Exploits: 1 | References: 4

OSV
added 2019/08/01 4:15 p.m. | 2 views

CVE-2016-10847

cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80)...

CVSS 8.1 | AI score 5.9
Exploits: 0 | References: 2

NVD
added 2019/08/01 1:15 p.m. | 9 views

CVE-2018-20882

cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447)...

CVSS 6.8 | AI score 6.7 | EPSS 0.00379
Exploits: 0 | References: 2

CVE
added 2019/08/01 12:55 p.m. | 39 views

CVE-2018-20882

CVE-2018-20882 affects cPanel prior to 74.0.8, enabling arbitrary file-write under the root context during WHM Force Password Change (SEC-447). This is a local-attack vector impacting systems running affected cPanel versions. The vulnerability arises in the root context during the password-change...

CVSS 6.8 | AI score 6.7 | EPSS 0.00379
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/08/01 12:55 p.m. | 17 views

CVE-2018-20882

cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447)...

AI score 6.7 | EPSS 0.00379
Exploits: 0 | References: 1

OSV
added 2019/08/01 12:47 p.m. | 2 views

USN-4085-1 Sigil vulnerability

Mike Salvatore discovered that Sigil mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem...

CVSS 7.5 | AI score 7.2 | EPSS 0.03694
Exploits: 0 | References: 2

OSV
added 2019/07/31 11:15 p.m. | 17 views

CVE-2019-10185

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break o...

CVSS 8.6 | AI score 6.6 | EPSS 0.04022
Exploits: 0 | References: 8

RedHat Linux
added 2019/07/31 5:53 p.m. | 4 views

icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite

It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox...

CVSS 8.6 | AI score 5.8 | EPSS 0.04022
Exploits: 0 | References: 4

OpenVAS
added 2019/07/31 12:0 a.m. | 111 views

Jenkins < 2.186 and < 2.176.2 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 | AI score 5.7 | EPSS 0.10225
Exploits: 1 | References: 1

OpenVAS
added 2019/07/31 12:0 a.m. | 119 views

Jenkins < 2.186 and < 2.176.2 LTS Multiple Vulnerabilities - Linux

Jenkins is prone to multiple vulnerabilities. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 | AI score 5.7 | EPSS 0.10225
Exploits: 1 | References: 1