CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5146 matches found

OSV•added 2018/07/31 8:29 p.m.•1 views

CVE-2018-14281

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS6.2AI score

Exploits0References2

OSV•added 2018/07/31 8:29 p.m.•2 views

CVE-2018-14280

8.8CVSS6.2AI score

Exploits0References2

OSV•added 2018/07/31 2:29 p.m.•1 views

CVE-2018-12939

A directory traversal flaw in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows an authenticated attacker to write to or potentially delete arbitrary files via a .. dot dot in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using...

6.5CVSS6.1AI score0.01969EPSS

Exploits0References2

CNVD•added 2018/07/31 12:0 a.m.•2 views

mholt/archiver golang package directory traversal vulnerability

The mholt/archiver golang package is a package for compression/uncompression. A directory traversal vulnerability exists in versions prior to mholt/archiver golang package e4ef56d48eb029648b0e895bb0b6a393ef0829c3, which can be exploited to write arbitrary files with the help of a specially crafte...

5.5CVSS5.9AI score0.0253EPSS

Exploits1References1

OSV•added 2018/07/27 5:7 p.m.•0 views

GHSA-3V6H-HQM4-2RG6 Arbitrary File Write in adm-zip

Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later...

5.5CVSS7AI score0.15359EPSS

Exploits1References11

OSV•added 2018/07/27 5:6 p.m.•24 views

GHSA-884W-698F-927F Arbitrary File Write via Archive Extraction in unzipper

Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.3.18 or later...

5.5CVSS5.8AI score0.11917EPSS

Exploits1References9

Github Security Blog•added 2018/07/27 5:6 p.m.•28 views

Arbitrary File Write via Archive Extraction in unzipper

5.5CVSS5AI score0.11917EPSS

Exploits1References9Affected Software1

CNVD•added 2018/07/26 12:0 a.m.•2 views

ADM-ZIP Directory Traversal Vulnerability

adm-zip npm library is a Node.js-based JavaScript implementation that allows users to create, extract zip files in memory or on disk. A directory traversal vulnerability exists in versions of adm-zip npm library prior to 0.4.9. An attacker can exploit this vulnerability to write arbitrary files...

5.5CVSS5.8AI score0.15359EPSS

Exploits1References1

CNVD•added 2018/07/26 12:0 a.m.•1 views

zt-zip directory traversal vulnerability

zt-zip is a library for compression/decompression. A directory traversal vulnerability exists in zt-zip versions prior to 1.13. An attacker can exploit this vulnerability by writing arbitrary files with a specially crafted zip archive file with a directory traversal name...

5.8CVSS6.3AI score0.1035EPSS

Exploits1References1

CNVD•added 2018/07/26 12:0 a.m.•5 views

zip4j directory traversal vulnerability

zip4j is a Java-based library for compression/decompression . A directory traversal vulnerability exists in zip4j versions prior to 1.3.3. The vulnerability can be exploited to write arbitrary files with a specially crafted zip archive file with a directory traversal name...

6.5CVSS6.9AI score0.13088EPSS

Exploits1References1

CNVD•added 2018/07/26 12:0 a.m.•1 views

SharpCompress Directory Traversal Vulnerability

SharpCompress is a library for compression/decompression. A directory traversal vulnerability exists in SharpCompress versions prior to 0.21.0. The vulnerability can be exploited to write arbitrary files with a specially crafted zip archive file with a directory traversal name...

5.5CVSS5.9AI score0.10051EPSS

Exploits1References1

CNVD•added 2018/07/26 12:0 a.m.•1 views

QuaZIP Directory Traversal Vulnerability

QuaZIP is a C++ wrapper for accessing ZIP archives. A directory traversal vulnerability exists in QuaZIP versions prior to 0.7.6. The vulnerability can be exploited to write arbitrary files with the help of a specially crafted zip archive file with a directory traversal name...

5.5CVSS5.6AI score0.0595EPSS

Exploits0References1

CNVD•added 2018/07/26 12:0 a.m.•1 views

sharplibzip directory traversal vulnerability

sharplibzip is a library for compression/decompression. A directory traversal vulnerability exists in sharplibzip versions prior to 1.0 RC1. The vulnerability can be exploited to write arbitrary files using a specially crafted zip archive with a directory traversal name...

5.5CVSS5.6AI score0.08854EPSS

Exploits1References1

OSV•added 2018/07/25 5:29 p.m.•1 views

DEBIAN-CVE-2018-1002209

QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS7AI score0.0595EPSS

Exploits0References1

NVD•added 2018/07/25 5:29 p.m.•14 views

CVE-2018-1002208

SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.4AI score0.08854EPSS

Exploits1References5

OSV•added 2018/07/25 5:29 p.m.•2 views

CVE-2018-1002202

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

6.5CVSS5.9AI score0.13088EPSS

Exploits1References4

UbuntuCve•added 2018/07/25 5:29 p.m.•27 views

CVE-2018-1002208

5.5CVSS6.7AI score0.08854EPSS

Exploits1References2

OSV•added 2018/07/25 5:29 p.m.•0 views

UBUNTU-CVE-2018-1002200

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS6.5AI score0.13179EPSS

Exploits1References4

Cvelist•added 2018/07/25 5:0 p.m.•30 views

CVE-2018-1002202

6.7AI score0.13088EPSS

Exploits1References4

Positive Technologies•added 2018/07/25 12:0 a.m.•5 views

PT-2018-9625 · Hewlett Packard · Dotnetzip

Name of the Vulnerable Software and Affected Versions: DotNetZip.Semvered versions prior to 1.11.0 Description: The issue allows attackers to perform directory traversal, enabling them to write to arbitrary files. This is achieved by including a ../ dot dot slash in a Zip archive entry, which is...

5.5CVSS5.7AI score0.12165EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by