7185 matches found
PT-2022-2156 · Gnu +11 · Gnu Gzip +11
Name of the Vulnerable Software and Affected Versions: GNU gzip (affected versions not specified). Description: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. This flaw occurs due to insufficient validation when processing filenames with two or more newlines...
UBUNTU-CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
A vulnerability in the centralized system for managing emergency messages and events, CAMS for HIS, of the distributed control systems CENTUM VP and CENTUM VP Entry Class, and in the OPC server Exaopc, allows an attacker to write arbitrary files.
The vulnerability in the centralized system for managing emergency messages and events, CAMS for HIS, of the distributed control systems CENTUM VP and CENTUM VP Entry Class, and in the OPC server Exaopc, is related to errors in processing the relative path to a directory. Exploiting this...
zgrep -- arbitrary file write
RedHat reports: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...
CVE-2022-20755
CVE-2022-20755 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). An authenticated, remote attacker with read/write privileges can exploit weaknesses in the API and web-based management interfaces to write arbitrary files or execute code on the underlying OS ...
OpenSSH < 8.0
According to its banner, the version of OpenSSH running on the remote host is prior to 8.0. It is, therefore, affected by the following vulnerabilities: - A permission bypass vulnerability due to improper directory name validation. An unauthenticated, remote attacker can exploit this, with a...
CVE-2022-23793
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path...
PT-2022-6761 · Jszip +1 · Jszip +1
Name of the Vulnerable Software and Affected Versions: JSZip versions prior to 3.8.0. Description: The issue is related to the loadAsync function in JSZip, which allows directory traversal via a crafted ZIP archive. This can be exploited by a remote attacker to write arbitrary files and execute...
CVE-2022-25347 Delta Electronics DIAEnergie Path Traversal
Delta Electronics DIAEnergie versions prior to 1.8.02.004 are vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system...
DEBIAN-CVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code...
UBUNTU-CVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code...
Delta Electronics DIAEnergie Path Traversal Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A path traversal...
CVE-2021-39384
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java...
CVE-2021-39384
CVE-2021-39384: DWSurvey v3.2.0 contains an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. This is the root cause described in the CVE entry. CVSS metrics indicate a high-severity issue (CVSSv3.1 base score 9.8, CRITICAL) with NETWORK attack vector, no authentica...
DWSurvey Code Issue Vulnerability
DWSurvey is a survey system written in Java. DWSurvey v3.2.0 has a security vulnerability that allows an attacker to write arbitrary files via the component /utils/ToHtmlServlet.java...
Path Traversal in Spring-integration-zip
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...
GHSA-VW83-H3MQ-3QWJ Path Traversal in Spring-integration-zip
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...
CVE-2021-25003
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE...