5146 matches found
CVE-2019-3580
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...
CVE-2019-3580
OpenRefine (up to version 3.1) is affected by CVE-2019-3580: during import of a crafted project file, a directory traversal flaw allows arbitrary file write. The description consistently states this vulnerability exists in OpenRefine 3.1 and earlier, caused by directory traversal in the import pr...
OpenRefine Arbitrary File Write Vulnerability
OpenRefine is a Java-based open source tool that is used to load data, analyze it, clean it, and more. A directory traversal vulnerability exists in OpenRefine 3.1 and earlier versions. An attacker can exploit this vulnerability by importing a specially crafted project file to write arbitrary fil...
Fedora 28 : plexus-archiver (2018-7a9a2f6ec0)
Security fix: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-1002200). A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attack...
EUVD-2018-8665
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
DoorGets Directory Traversal Vulnerability
doorGets is a content management system (CMS). The system supports multiple languages, system backups, theme changes, etc. A security vulnerability exists in doorGets version 7.0. A remote attacker can exploit the vulnerability to write arbitrary files...
CVE-2018-20064
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the themecontentnofi parameter...
Jenkins < 2.146 and < 2.138.2 LTS Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Pulse Secure Desktop Client for Windows Arbitrary File Write Vulnerability
Pulse Secure Desktop Client for Windows is a suite of Windows-based client software from Pulse Secure, Inc. for end devices that access Juniper Pulse Secure gateways. A security vulnerability exists in Pulse Secure Desktop Client versions 5.3 through R6.0 build 1769 for Windows-based platforms. T...
Lenovo XClarity Integrator for VMware File Write Vulnerability
Lenovo XClarity Integrator (LXCI) for VMware is an application for VMware from Lenovo, China. The program provides extended functionality for infrastructure resource management, automation and IT service management. A security vulnerability exists in Lenovo LXCI for VMware prior to version 5.5, whi...
Lenovo XClarity Integrator for VMware and Microsoft System Center File Write Vulnerability
Lenovo XClarity Integrator (LXCI) for VMware is an application for VMware from Lenovo, China. The program provides extended functionality for infrastructure resource management, automation, and IT service management. LXCI for Microsoft System Center is a version for Microsoft System Center. A securi...
Debian DLA-1592-1 : otrs2 security update
Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141: An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...
Debian: Security Advisory (DLA-1592-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 1592-1] otrs2 security update
Package: otrs2. Version: 3.3.18-1+deb8u7. CVE ID: CVE-2018-19141 CVE-2018-19143. Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141: An attacker who is logged into OTRS as an admin user may...
GHSA-P639-XXV5-J383 Incorrect Permission Assignment for Critical Resource in Apache Hive
In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...
Command execution vulnerability in Zendo Enterprise mo***.php file
Zendo Enterprise Edition is open source project management software. A command execution vulnerability exists in the Zendo Enterprise Edition mo.php file. An attacker can exploit the vulnerability to write arbitrary files to gain server privileges...
Apache Hadoop Arbitrary File Write Vulnerability
Apache Hadoop is a set of open source distributed systems infrastructure from the U.S. Apache Software Foundation. It supports distributed processing of large amounts of data, and has high reliability, high scalability, high fault tolerance and other characteristics. An arbitrary file write...
Arbitrary File Write
inspec is vulnerable to arbitrary file write attacks. The attack exists due to lack of validation of the relative paths in a zip file to avoid going outside of the target directory...
Arbitrary File Write Vulnerability in LaySNS v2.4
LaySNS is a lightweight, ThinkPHP+Layui-based integrated website management system that integrates content management and community interaction. LaySNS v2.4 has an arbitrary file write vulnerability that can be exploited by an attacker to write arbitrary files and gain control of the web server...