5146 matches found
Important: Red Hat Security Advisory: rh-maven33-plexus-archiver and rh-maven35-plexus-archiver security update
An update for rh-maven33-plexus-archiver and rh-maven35-plexus-archiver is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...
plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...
Important: Red Hat Security Advisory: plexus-archiver security update
An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
plexus-archiver security update
0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200...
Debian DSA-4219-1 : jruby - security update
Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run maliciou...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: sharpziplib is a Zip, GZip, Tar and BZip2 library written entirely in C# for the .NET platform. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction, AKA "Zip Slip". It is exploited using a specially crafted zip archive, that holds path traversal...
Arbitrary File Write
dependency-check-core is vulnerable to arbitrary file write. The vulnerability exists due to improper checking of the extracted file path, allowing arbitrary file writes...
CVE-2018-12046
DedeCMS through 5.7SP2 allows arbitrary file write in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...
DedeCMS Arbitrary File Write Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is an open-source PHP website content management system (CMS) from China's Zhuozhuo network Desdev Technology Co., Ltd., covering content publishing, editing, management and retrieval. A security vulnerability exists in the file...
CVE-2018-12036
CVE-2018-12036 affects OWASP Dependency-Check prior to 3.2.0. The issue allows an attacker to write to arbitrary files by processing a crafted archive that contains directory traversal filenames, enabling arbitrary file writes. This is caused by unsafe extraction paths in the affected component. ...
Arbitrary File Write
github.com/mholt/archiver is vulnerable to arbitrary file write. The library does not properly sanitize the destination filepath when extracting archived files, allowing a malicious user to extract files to an arbitrary filepath and overwrite files...
Arbitrary File Write
zip4j is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
orientdb is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
adm-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
SonarQube is vulnerable to Zip Slip. The vulnerability exists when an attacker supplies a malicious zip archive whose filenames include path traversal sequences such as dot dot (..), so that the concatenated file path resolves to a location outside the destination folder...
Arbitrary File Write
zt-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Apache Storm Arbitrary File Write Vulnerability
Apache Storm is a free, open-source distributed real-time computing system from the Apache Software Foundation (United States), developed using Clojure, a concurrent programming language. An arbitrary file write vulnerability exists in Apache Storm versions 1.0.6 and earlier and 1.2.1 and...
Path traversal
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...
CVE-2018-8008
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...