Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/mholt/archiver/v3/cmd/arc is a cross-platform, multi-format archive utility and Go library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) through the Unarchive functions. Details It is exploited using a specially crafted z...
Apache Archiva < 2.2.4 Multiple Vulnerabilities
Apache Archiva is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:archiva"; if...
Arbitrary File Overwrite
archiva-web-common is vulnerable to arbitrary file write and delete. The vulnerability exists because it was possible to provide a malicious file path via the file name, causing the file write and delete operations to be executed on files that exist outside of the temporary folders...
Arbitrary File Write
ntp is vulnerable to arbitrary file write. Remote attackers with knowledge of the remote configuration password and an IP address permitted to send configuration requests are able to write arbitrary files via the :config command...
Arbitrary File Write
hplip is vulnerable to arbitrary file write. A local attacker could use these flaws to perform a symbolic link attack, overwriting arbitrary files accessible to a process using HPLIP...
Apache Archiva Input Validation Error Vulnerability (CNVD-2019-26509)
Apache Archiva is a suite of software from the Apache Software Foundation for managing one or more remote repositories. The software provides features such as remote repository agents, role-based secure access management, and usage reporting. An input validation error vulnerability in Apache...
CVE-2019-9951
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page...
Arbitrary File Write
mercurial is vulnerable to arbitrary file write attacks. The vulnerability is possible by using symlinks and subrepositories to bypass the validation of path checking, allowing the writing of files outside of the repository...
OFCMS Backend Arbitrary File Write Vulnerability
OFCMS is a content management system based on Java technology. OFCMS version before 1.1.3 has a backend arbitrary file write vulnerability. An attacker can exploit this vulnerability by traversing the admin/cms/template/getTemplates.html?respath=res directory to write arbitrary content in the...
CVE-2019-9611
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...
Apache Storm < 1.1.3 / 1.2.x < 1.2.2 arbitrary file write vulnerability
The version of Apache Storm running on the remote host is prior to 1.1.3 or 1.2.x prior to 1.2.2. It is, therefore, affected by an arbitrary file write vulnerability. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(122487); script_version("1.3"); script_cvs_date("Date:...
Path traversal
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php...
CVE-2018-20793
The CVE-2018-20793 entry concerns tecrail Responsive FileManager version 9.13.4. A path traversal mitigation bypass in the create_file action of execute.php allows remote attackers to write arbitrary files, due to improper handling of paths[0]. This is a remote, unauthenticated vulnerability with...
UBUNTU-CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...
Arbitrary File Write in cli
Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can write arbitrarily to any file that the user who owns the cli process has permission to write to. Proof of Concept By...
GHSA-6CPC-MJ5C-M9RQ Arbitrary File Write in cli
Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can write arbitrarily to any file that the user who owns the cli process has permission to write to. Proof of Concept By...
CVE-2019-8407
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...
Design/Logic Flaw
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI...
Internet Bug Bounty: [bower] Arbitrary File Write through improper validation of symlinks while package extraction
Hi, I want to submit my report https://hackerone.com/reports/473811 for the Internet Bug Bounty. Snyk's writeup: https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction My assessment on why this report might be eligible: To qualify, vulnerabilities must meet the...