CVE-2018-9205

Drupal avatar_uploader v7.x-1.0-beta8 is vulnerable to Local/Arbitrary File Disclosure because view.php does not restrict file paths or verify user permissions, allowing unauthenticated retrieval of arbitrary files from the server (e.g., via uploadDir). The issue is a path traversal style flaw in...

CVE-2018-9205

Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...

Directory Traversal

github.com/mholt/caddy is vulnerable to directory traversal attacks. The vulnerability was introduced by a regression introduced when clients were updated to use Storage instead of Locker, and exists due to the lack of sanitization of file path. It can be optionally be mitigated by running...

Homematic CCU2 2.29.23 - Arbitrary File Write Exploit

Exploit for cgi platform in category web applications !/usr/bin/ruby Exploit Title: Homematic CCU2 Arbitrary File Write Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 C...

CVE-2018-1000126

Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application...

Windows Desktop Bridge VFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Desktop Bridge VFS does not take into acccount user/kernel mode when managing file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;...

Arbitrary File Editing Vulnerability in SDCMS Version v3.3

SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. SDCMS v3.3 version of the existence of arbitrary file editing vulnerability, the vulnerability stems from the file path to modify the file and the content of the file to be written into the file are not...

CVE-2017-9447

In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...

Trend Micro Email Encryption Gateway Multiple Vulnerabilities

1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL:http://www.coresecurity.com/core-labs/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities Date published: 2018-02-21 Date of last update:...

EmpireCMS class/connect.php File Path Leakage Vulnerability

EmpireCMS is a free CMS Content Management System. A security vulnerability exists in EmpireCMS versions 6.6 through 7.2. The vulnerability can be exploited by a remote attacker to obtain the full path with the help of the class/connect.php file...

Node.js third-party modules: [public] Path Traversal allows to read content of arbitrary files

Hi Guys, There is Path Traversal in public module. It allows to read content of arbitrary files on the remote server. Module public Run static file hosting server with specified public dir & port. Support a "direcotry index" like Apache httpd. https://www.npmjs.com/package/public version: 0.1.2...

Debian: Security Advisory (DLA-978-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

DEBIAN-CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

CVE-2017-1000472

POCO C++ Libraries prior to 1.8 contain a ZIP path-validation flaw in ZipCommon::isValidPath() that can allow absolute path traversal during ZIP decompression, potentially enabling creation or overwriting of arbitrary files via a crafted ZIP file. Reports across multiple distributions (Debian, Fe...

Updated perl packages fix security vulnerability

John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory which might be changed to another directory without the user realising and potentially leading to privilege escalation...

PT-2018-5238 · Poco +1 · Poco C++ Libraries +1

Name of the Vulnerable Software and Affected Versions: POCO C++ Libraries versions prior to 1.8 Description: The issue concerns a "file path injection vulnerability" in the ZipCommon::isValidPath function, which does not properly restrict the filename value in the ZIP header. This allows attacker...