SUSE CVE-2018-20684

In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...

Scientific Linux Security Update : php-pear on SL7.x (noarch) (2022:7340)

The remote Scientific Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the SLSA-2022:7340-1 advisory. - ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 - ArchiveTar: improper filename...

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...

CVE-2022-31322

Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...

CVE-2022-2464

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing fil...

PT-2022-3468 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and the web-based management interface of the affected...

PT-2022-20065 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.5.11 and earlier HashiCorp go-getter versions 2.0.2 and earlier Description: The issue concerns the unsafe download handling in HashiCorp go-getter. Malicious HTTP responses can cause various misbehaviors,...

PT-2022-20064 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.5.11 and earlier, 2.0.2 and earlier Description: The issue allows for asymmetric resource exhaustion when processing malicious HTTP responses. It also enables protocol switching, endless redirect, and...

PT-2022-3860 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.5.11 and earlier HashiCorp go-getter versions 2.0.2 and earlier Description: The issue is related to the lack of input data sanitization in the go-getter library, which can be exploited by a remote attacker to...

Lantronix PremierWave 2050 Path Traversal Vulnerability (CNVD-2022-01594)

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to a path traversal vulnerability caused by a lack of filtering and escaping of path parameters by the Web Manager file upload function. An...

[SECURITY] [DLA 2822-1] netkit-rsh security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2822-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz November 19, 2021 https://wiki.debian.org/LTS -...

OpenOLAT 路径遍历漏洞

OpenOLAT is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a Learning Management System. OpenOLAT suffers from a path traversal vulnerability that stems from the software's lack of effective filtering and validation of uploaded zip files. An attacker...

CVE-2021-38589

In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files SEC-588...

Cpanel 安全特征问题漏洞

Cpanel is a set of Web-based automated colocation platform from Cpanel, Inc. in the United States. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel that stems from the script fix-cpanel-perl not properly restricting file...

Pi-hole 安全漏洞

Pi-hole is a web-grade ad-blocking application from Pi-hole, Inc. A security vulnerability exists in Pi-hole prior to version 5.5.1, which stems from Pi-hole's web interface providing a central location to manage Pi-hole instances and check performance statistics.Prior to version 5.5.1 of Pi-hole...

SUSE: Security Advisory (SUSE-SU-2019:0496-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:3279-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Theonedev OneDev Directory Traversal Vulnerability

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev Onedev versions prior to...

UBUNTU-CVE-2020-28949

ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed...

CVE-2020-1904

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...