97 matches found
SUSE CVE-2005-0077
The DBI library libdbi-perl for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file...
CVE-2022-44748 Uploading workflows to KNIME Server may override arbitrary file system contents
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, ca...
Knime Server Path Traversal Vulnerability
Knime Server is enterprise software for putting data science workflows into production from Knime Switzerland. A security vulnerability exists in Knime Server prior to version 4.15.3, which stems from a directory traversal vulnerability in the ZIP archive extraction routines that could lead to th...
rsync: remote arbitrary files write inside the directories of connecting peers
A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker wh...
PT-2022-3781 · Zyxel · Zyxel Usg/Zywall Series +8
Name of the Vulnerable Software and Affected Versions: Zyxel USG FLEX 100W versions 4.50 through 5.30; Zyxel USG FLEX 200 versions 4.50 through 5.30; Zyxel USG FLEX 500 versions 4.50 through 5.30; Zyxel USG FLEX 700 versions 4.50 through 5.30; Zyxel USG FLEX 50W versions 4.16 through 5.30; Zyxel...
CVE-2022-29094
Dell SupportAssist Client Consumer versions 3.10.4 and versions prior and Dell SupportAssist Client Commercial versions 3.1.1 and versions prior contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files...
GHSA-W4M6-X6C2-J5C9 Express-FileUpload Arbitrary File Overwrite
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. This vulnerability is debated by the package author...
UBUNTU-CVE-2021-45972
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data...
tough library Path Traversal Vulnerability
tough library is a tool for using and generating TUF repositories. A path traversal vulnerability exists in versions of the Tough library prior to 0.12.0, which stems from .Tough provides a set of Rust libraries and tools for using and generating the Update Framework TUF repository. The Rust...
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This i...
ALPINE-CVE-2021-37712
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achiev...
CVE-2021-28633
Adobe Creative Cloud Desktop Application installer version 2.4 and earlier is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires...
CVE-2021-22549 Arbitrary enclave memory overwrite vulnerability in Asylo TrustedPrimitives::UntrustedCall
An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c...
Acronis True Image Link Following Vulnerability
Acronis True Image is a well-known data backup and restore software from Singapore-based Acronis. The software can be used to create drive and disk images and can restore images when a clean system is needed. Acronis True Image 2020 version 24.5.22510 contains an arbitrary file overwrite...
Vmware Spring Framework Permissions, Privileges and Access Controls Vulnerability
Vmware Spring Framework is an open source Java and JavaEE application framework from Vmware, a United States company. The framework helps developers build high-quality applications. An elevation of privilege vulnerability exists in Vmware Spring Framework, which can be exploited by an...
Design/Logic Flaw
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used...
Aruba Instant Arbitrary File Modification Vulnerability (CNVD-2021-26048)
Aruba Instant is a cloud-hosted controller-less wireless access point. Aruba Instant suffers from an arbitrary file modification vulnerability that can be exploited by an attacker via the Web UI to overwrite arbitrary files with content under their control...
Dockerhub DocumentServer Path Traversal Vulnerability
ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. ONLYOFFICE Document Server suffers from a file extension handling vulnerability that can be exploited by an attacker requesting data to control file...
Prototype Pollution
systeminformation is vulnerable to prototype pollution. An attacker is able to overwrite arbitrary properties and functions of an object such as prototype or proto, potentially resulting in OS command execution...