7195 matches found
CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb
MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...
CVE-2022-37365
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs...
Revenue Collection System v1.0 - Remote Code Execution (RCE)
Exploit Title: Revenue Collection System v1.0 - Remote Code Execution RCE Exploit Author: Joe Pollock Date: November 16, 2022 Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip...
CBL Mariner 2.0 Security Update: gzip (CVE-2022-1271)
The version of gzip installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1271 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the...
CVE-2022-4224
CVE-2022-4224 affects CODESYS v3 in multiple versions. A remote, low-privilege attacker could read/modify system files and OS resources or cause a DoS. CVSSv3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8). No concrete remediation details are provided in the supplied documents; ex...
CVE-2022-30037
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...
CVE-2022-30037
XunRuiCMS versions 4.3.3–4.5.1 are affected by CVE-2022-30037 due to a PHP file write and PHP file inclusion vulnerability in cron.php (add function), enabling arbitrary PHP code execution. The root cause is the ability to write files and include them via cron.php, leading to high-impact compromi...
XunRuiCMS Security Vulnerability
XunRuiCMS is an open source content management system (CMS) from the Chinese company XunRuiCloud Software Development. XunRuiCMS v4.3.3 to v4.5.1 contain a security vulnerability that stems from the existence of PHP file write and file...
PT-2023-12995 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: XunRuiCMS versions 4.3.3 through 4.5.1 Description: The issue allows attackers to execute arbitrary PHP code via the add function in cron.php. This is made possible by the vulnerability to PHP file write and CMS PHP file inclusion...
Important: gzip
Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...
Important: xz
Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...
Amazon Linux 2023 : gzip (ALAS2023-2023-043)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-043 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...
Amazon Linux 2023 : xz, xz-devel, xz-libs (ALAS2023-2023-042)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-042 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...
DEBIAN-CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
UBUNTU-CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...