7185 matches found
Cisco IOS XR Information Disclosure Vulnerability
Cisco IOS XR is a set of operating systems developed by the U.S.-based Cisco for its network devices. Cisco IOS XR suffers from an information disclosure vulnerability that stems from the health check RPM opening TCP port 6379 by default upon activation, which allows an unauthenticated, remote...
CVE-2022-20807
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...
Important: Red Hat Security Advisory: gzip security update
An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
gzip: arbitrary-file-write vulnerability
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
RLSA-2022:4582 Important: gzip security update
The gzip packages contain the gzip (GNU zip) data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...
gzip security update
An update is available for gzip. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gzip packages contain the gzip (GNU zip) data compression utility. gzip is use...
CVE-2022-1359
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters (../) as part of a filename, the server will save the file where the attacker...
Path traversal
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters (../) as part of a filename, the server will save the file where the attacker...
CVE-2022-1359 Cambium Networks cnMaestro Path Traversal
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters (../) as part of a filename, the server will save the file where the attacker...
CVE-2022-1359
The CVE-2022-1359 entry describes an arbitrary file-write path traversal vulnerability in Cambium Networks cnMaestro On-Premises. An attacker can supply ../ in a filename to write data to arbitrary server files via a restricted pathname in a specific route. This affects On-Premise cnMaestro and c...
CVE-2021-42643
cmseasy V7.7.520211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability...
Remote code execution
cmseasy V7.7.520211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability...
CVE-2021-42643
CVE-2021-42643 affects CmsEasy cmseasy v7.7.5_20211012 with an arbitrary file write vulnerability that allows writing a PHP script to the web server and, when accessed, can lead to code execution. This is documented across NVD/NVD-derived pages and CNNVD describing the same issue. The supplied co...
GHSA-M454-CM7H-RQHH OpenStack Nova Directory traversal vulnerability
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element...
GHSA-W47P-5Q88-HJ5G Path Traversal in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by...
OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization
Affected Versions: Version 2.2.0 is affected, and prior versions are likely affected too. - Vulnerabilities Description: Vulnerable component is switching to another tab. To exploit vulnerability, an attacker may send a POST request with application/x-www-form-urlencoded content-type to AJAX...
CmsEasy Path Traversal Vulnerability
CmsEasy is a content management system (CMS) for creating responsive websites from China's Jiuzhou ET Technology Company. A security vulnerability exists in CmsEasy version 7.7.520211012, which stems from cmseasy being affected by an arbitrary file write vulnerability...
SUSE SLES15 Security Update : gzip (SUSE-SU-2022:1674-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1674-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for...