7185 matches found
Huawei EulerOS: Security Advisory for xz (EulerOS-SA-2022-1985)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
postgresql-jdbc: Arbitrary File Write Vulnerability
A flaw was found in Postgres JDBC. This flaw allows an attacker to use a method to write arbitrary files through the connection properties settings. For example, an attacker can create an executable file under the server the application is running and make it a new part of the application or serv...
Oracle Linux 9 : xz (ELSA-2022-4940)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4940 advisory. 5.2.5-8 - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271 Tenable has extracted the preceding description block directly from the Oracle Linux...
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
gzip security update
1.10-9 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271...
xz security update
5.2.5-8 - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271...
AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service Vulnerabilities
Exploit Title: AnyDesk allow arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine Exploit Author: Erwin Chan Vendor Homepage: https://anydesk.com/en Software Link: https://anydesk.com/en Version: 7.0.9 Tested on: Windows 11 It was found that AnyDesk versi...
Arbitrary template creation leading to Authenticated Remote Code Execution
Description: Arbitrary File Write. Reproduction Steps: 1. As a low-privileged user, create a new recipe and click on the "+" to add a New Asset. 2. Select a file, then proxy the request that will create the asset. 3. Update the values in the POST request to the ones shown below: POST...
AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service
Exploit Title: AnyDesk allow arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine Google Dork: if applicable Date: 24/5/2022 Exploit Author: Erwin Chan Vendor Homepage: https://anydesk.com/en Software Link: https://anydesk.com/en Version: 7.0.9 Tested on:...
Exploit for Server-Side Request Forgery in Microsoft
ProxyLogon ProxyLogon is the formally generic name for CVE-202...
GHSA-29Q6-P2CG-4V23 Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...
Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)
A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files when using the SSH interface due to an argument injection vulnerability affecting the diagnose command. Additionally, a remote and highly privileged user can write arbitrary system files when using the SSH...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...
EulerOS 2.0 SP8 : gzip (EulerOS-SA-2022-1931)
According to the versions of the gzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, ...
EulerOS 2.0 SP8 : xz (EulerOS-SA-2022-1955)
According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a...
EulerOS 2.0 SP5 : gzip (EulerOS-SA-2022-1892)
According to the versions of the gzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, ...
Oracle Linux 7 : xz (ELSA-2022-5052)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5052 advisory. 5.2.2-2 - Fix CVE-2022-1271 Resolves: CVE-2022-1271 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
CVE-2022-31219 Drive Composer Link Following Local Privilege Escalation Vulnerability
Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...