Lucene search

7189 matches found

Tenable Nessus
added 2022/10/09 12:0 a.m., 20 views

EulerOS Virtualization 3.0.6.6 : gzip (EulerOS-SA-2022-2505)

According to the versions of the gzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file nam...

CVSS 8.8, AI score 6.9, EPSS 0.04301
Exploits 0, References 2

ATTACKERKB
added 2022/10/07 3:15 p.m., 1 view

CVE-2022-39858

Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege...

CVSS 7.8, AI score 5.9, EPSS 0.00216
Exploits 0, References 2

Veracode
added 2022/10/07 12:59 a.m., 32 views

Arbitrary File Write

Jenkins Pipeline is vulnerable to Arbitrary File Write. The vulnerability exists because of using parameter name without sanitization as a relative path inside a build-related directory which allows an attacker to configure Pipelines to create or replace arbitrary files on the Jenkins controller...

CVSS 7.5, AI score 7.5, EPSS 0.01456
Exploits 0, References 4, Affected Software 1

CNNVD
added 2022/10/07 12:0 a.m., 4 views

SAMSUNG Mobile devices path traversal vulnerability

SAMSUNG Mobile devices are a series of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A path traversal vulnerability exists in SAMSUNG Mobile devices version 3.5.51, which stems from a path traversal vulnerability in AtBroadcastReceiver in...

CVSS 7.8, AI score 7.5, EPSS 0.00216
Exploits 0, References 2

RedHat Linux
added 2022/10/06 12:26 p.m., 1 view

postgresql-jdbc: Arbitrary File Write Vulnerability

A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or serv...

CVSS 9.8, AI score 7.4, EPSS 0.02928
Exploits 0, References 4

Veracode
added 2022/10/05 10:31 p.m., 33 views

Arbitrary File Write

postgresql-jdbc is vulnerable to arbitrary file writes. The vulnerability exists because the connection properties for configuring a pgjdbc connection are exposed, which allows an attacker to specify arbitrary connection properties that could lead to a compromise of a system...

CVSS 9.8, AI score 8.9, EPSS 0.02928
Exploits 0, References 10, Affected Software 1

RedHat Linux
added 2022/10/05 10:44 a.m., 1 view

postgresql-jdbc: Arbitrary File Write Vulnerability

A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or serv...

CVSS 9.8, AI score 7.4, EPSS 0.02928
Exploits 0, References 4

GithubExploit
added 2022/10/04 2:7 p.m., 9 views

Exploit for Server-Side Request Forgery in Microsoft

PoC exploit for CVE-2022-41040 is absent, but this repository co...

CVSS 8.8, AI score 7.2, EPSS 0.99945
Exploits 9

ATTACKERKB
added 2022/10/01 12:15 a.m., 2 views

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

CVSS 9.1, AI score 7.3, EPSS 0.01036
Exploits 1, References 3

NVD
added 2022/10/01 12:15 a.m., 13 views

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

CVSS 9.1, EPSS 0.01036
Exploits 1, References 2

OSV
added 2022/10/01 12:15 a.m., 10 views

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

CVSS 9.1, AI score 7
Exploits 0, References 2

Prion
added 2022/10/01 12:15 a.m., 13 views

Authentication flaw

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

CVSS 6.4, AI score 9.2, EPSS 0.01036
Exploits 1, References 2, Affected Software 1

CNNVD
added 2022/10/01 12:0 a.m., 4 views

SonicJS buffer error vulnerability

SonicJS is a content management system based on modern open source NodeJs by Lane Personal Developer. A buffer error vulnerability exists in SonicJS version 0.6.0 and prior versions, which stems from a file overwrite. An attacker exploiting this vulnerability can write and delete arbitrary files...

CVSS 9.1, AI score 8.6, EPSS 0.01036
Exploits 1, References 3

Cvelist
added 2022/09/30 11:53 p.m., 18 views

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

AI score 9.6, EPSS 0.01036
Exploits 1, References 2

CVE
added 2022/09/30 11:53 p.m., 221 views

CVE-2022-42002

CVE-2022-42002 affects SonicJS up to version 0.6.0. The vulnerability stems from unauthenticated access to the file mutations, specifically fileCreate and fileUpdate, which can overwrite arbitrary files on a SonicJS application. This leads to Arbitrary File Write and Delete. Connection...

CVSS 9.1, AI score 9.3, EPSS 0.01036
Exploits 1, References 2, Affected Software 1

Tenable Nessus
added 2022/09/27 12:0 a.m., 42 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.2298)

The version of AHV installed on the remote host is prior to 20201105.2298. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.2298 advisory. - zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant...

CVSS 8.8, AI score 7.3, EPSS 0.51733
Exploits 1, References 3

Tenable Nessus
added 2022/09/27 12:0 a.m., 74 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.30398)

The version of AHV installed on the remote host is prior to 20201105.30398. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.30398 advisory. - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - In Expat...

CVSS 9.8, AI score 7.6, EPSS 0.70561
Exploits 6, References 16

OpenVAS
added 2022/09/26 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-2370)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 9.2, EPSS 0.04301
Exploits 0, References 2

OpenVAS
added 2022/09/26 12:0 a.m., 12 views

Huawei EulerOS: Security Advisory for gzip (EulerOS-SA-2022-2346)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 9.2, EPSS 0.04301
Exploits 0, References 2

OpenVAS
added 2022/09/26 12:0 a.m., 17 views

Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-2406)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 9.2, EPSS 0.04301
Exploits 0, References 2