7192 matches found

Huntr | added 2023/01/11 1:34 a.m. | 28 views

Froxlor 2.0.6 Remote Command Execution via Arbitrary File Write and Server Side Template Injection

Description: Froxlor 2.0.6 Stable is suffering from Remote Command Execution that was achieved by chaining two bugs. The first one is an arbitrary file write in the logging feature, which allows an authenticated attacker to point the log file to any writable path even if it was the web server...

CVSS 6.5 | AI score 9.3 | EPSS 0.97653 | Exploits 8 | References 1

Positive Technologies | added 2023/01/10 12:00 a.m. | 2 views

PT-2023-1605

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the January 2023 Patch Tuesday. Description: The issue is related to the implementation of the NT LAN Manager (NTLM) protocol in Windows operating systems, which is associated with insufficient access restrictions...

CVSS 7.8 | AI score 8.3 | EPSS 0.02517 | Exploits 1 | References 31

UbuntuCve | added 2023/01/09 5:15 p.m. | 20 views

CVE-2022-4884

Path-Traversal in MKP storing in Tribe29 Checkmk <= 2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file...

CVSS 4.9 | AI score 6 | EPSS 0.00485 | Exploits 0 | References 1

RedHat Linux | added 2023/01/06 8:12 a.m. | 5 views

jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

A flaw was found in the Pipeline Input Step Plugin. This issue affects the code of the component Archive File Handler. The manipulation of the argument file with a malicious input leads to a directory traversal vulnerability...

CVSS 7.5 | AI score 6.2 | EPSS 0.01456 | Exploits 0 | References 5

OSV | added 2023/01/03 9:15 p.m. | 11 views

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item...

CVSS 8.1 | AI score 7 | Exploits 0 | References 1

NVD | added 2023/01/03 9:15 p.m. | 10 views

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item...

CVSS 8.1 | AI score 8.1 | EPSS 0.00805 | Exploits 1 | References 1

Vulnrichment | added 2023/01/03 12:00 a.m. | 9 views

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item...

AI score 6.9 | EPSS 0.00805 | Exploits 1 | References 1

Cvelist | added 2023/01/03 12:00 a.m. | 15 views

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item...

AI score 8.3 | EPSS 0.00805 | Exploits 1 | References 1

CVE | added 2023/01/03 12:00 a.m. | 69 views

CVE-2022-36943

CVE-2022-36943: SSZipArchive (versions 2.5.3 and older) has an arbitrary file write vulnerability due to lack of sanitization for symlink paths. Opening a malicious ZIP that contains a symlink as the first item can cause SSZipArchive to overwrite arbitrary files on the filesystem. The available ...

CVSS 8.1 | AI score 8 | EPSS 0.00805 | Exploits 1 | References 1 | Affected Software 1

NVD | added 2022/12/27 10:15 p.m. | 9 views

CVE-2020-36560

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

CVSS 9.1 | EPSS 0.01249 | Exploits 1 | References 4

CVE | added 2022/12/27 9:13 p.m. | 162 views

CVE-2020-36561

CVE-2020-36561 is a path-traversal vulnerability in the unzip library used by github.com/yi-ge/unzip (go-unzip). The root cause is improper path sanitization that allows archives containing relative file paths to write or overwrite files outside the target directory. Documents indicate the issue ...

CVSS 9.1 | AI score 9.2 | EPSS 0.01325 | Exploits 1 | References 4 | Affected Software 1

Veracode | added 2022/12/20 3:39 a.m. | 14 views

Arbitrary File Write

GuardDog is vulnerable to arbitrary file write. The vulnerability exists due to unsafe extraction using the shutil.unpack_archive functionality in the download_compressed function of package_scanner.py, allowing an attacker to write arbitrary files outside the destination directory through a...

CVSS 6.5 | AI score 6.3 | EPSS 0.00704 | Exploits 1 | References 5 | Affected Software 1

PyPA | added 2022/12/17 12:15 a.m. | 5 views

PYSEC-2022-42994

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

CVSS 7.8 | AI score 6.8 | EPSS 0.0059 | Exploits 0 | References 4 | Affected Software 1

Vulnrichment | added 2022/12/16 11:41 p.m. | 6 views

CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

CVSS 5.8 | AI score 7.5 | EPSS 0.0059 | Exploits 0 | References 3

Cvelist | added 2022/12/16 11:41 p.m. | 34 views

CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...

CVSS 5.8 | AI score 7.7 | EPSS 0.0059 | Exploits 0 | References 3

NVD | added 2022/12/16 11:15 p.m. | 22 views

CVE-2022-23530

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 6.5 | EPSS 0.00704 | Exploits 1 | References 3

PyPA | added 2022/12/16 11:15 p.m. | 6 views

PYSEC-2022-42993

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 6.5 | AI score 7.1 | EPSS 0.00704 | Exploits 1 | References 5 | Affected Software 1

Prion | added 2022/12/16 11:15 p.m. | 11 views

Design/Logic Flaw

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 4.3 | AI score 6.5 | EPSS 0.00704 | Exploits 1 | References 3 | Affected Software 1

OSV | added 2022/12/16 11:15 p.m. | 23 views

PYSEC-2022-42993

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 6.5 | AI score 6.9 | EPSS 0.00704 | Exploits 1 | References 3

Vulnrichment | added 2022/12/16 10:56 p.m. | 4 views

CVE-2022-23530 GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package

GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...

CVSS 5.8 | AI score 6.5 | EPSS 0.00704 | Exploits 1 | References 3