CVE-2022-24888 Possible Injection in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...

Exploit for Code Injection in Vmware Identity_Manager

!CVE-2022-22954https://socialify.git.ci/bewhale/CVE-2022-2295...

Exploit for Improper Initialization in Linux Linux_Kernel

PoC exploit for CVE-2022-0847, a kernel arbitrary file manipulat...

CVE-2022-23793

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path...

Design/Logic Flaw

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

GHSA-VW83-H3MQ-3QWJ Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

Exploit for Improper Initialization in Linux Linux_Kernel

Dirty Pipe automatic root exploit CVE-2022-0847 !eaeasse...

CVE-2022-25359

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files...

Code injection

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files...

CVE-2022-25359

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files...

CVE-2021-22448

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files...

CVE-2022-25365

CVE-2022-25365 affects Docker Desktop for Windows, stated as: before 4.5.1 allows attackers to move arbitrary files due to an incomplete fix for CVE-2022-23774. Connected evidence includes a GitHub exploit repository (exploit for CVE-2022-25365) listing PoC files (poc.py, createsymlink.exe, junct...

Format string

When a user opens a manipulated Adobe Illustrator file format .ai, ai.x3d received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with...

Mageia: Security Advisory (MGASA-2019-0268)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GO-2021-0228 Path traversal in github.com/unknwon/cae

The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system...

CVE-2022-23107

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier is vulnerable: it does not restrict the filename when configuring a custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller filesystem. Remediation p...

Input validation

A origin validation error vulnerability in Trend Micro Apex One on-prem and SaaS could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to...

GHSA-557G-R22W-9WVX Incorrect Permission Assignment for Critical Resource in Singularity

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

Design/Logic Flaw

When a user opens manipulated Jupiter Tessellation .jt file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...