7185 matches found
WordPress plugin WPCargo Track & Trace code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
GHSA-727H-HRW8-JG8Q Path traversal in org.postgresql:postgresql
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
Arbitrary file write in nats-server
This document is canonically: Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. JetStream is the optional RAFT-based resilient persistent feature of NATS. Problem Description The JetStream...
GHSA-6H3M-36W8-HV68 Arbitrary file write in nats-server
This document is canonically: Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. JetStream is the optional RAFT-based resilient persistent feature of NATS. Problem Description The JetStream...
CVE-2022-26520
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
DEBIAN-CVE-2022-26520
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
CVE-2022-26520
In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...
Luocms security vulnerability
Luocms v2.0 is an article management system. Luocms v2.0 is vulnerable to an arbitrary file-writing vulnerability that results from insufficient validation of filecontent submissions and filenamede filenames, which can be exploited to write arbitrary shell files via /admin/templates/templatemanag...
PT-2022-17985 · Unknown · Nats Server +1
Name of the Vulnerable Software and Affected Versions: NATS Server versions 2.2.0 through 2.7.3 NATS Streaming Server versions 0.15.0 through 0.24.2 Description: The issue allows for Directory Traversal with write access via an element in a ZIP archive for JetStream streams, enabling arbitrary fi...
CVE-2022-26520
CVE-2022-26520 affects the PostgreSQL JDBC (PgJDBC) driver prior to 42.3.3. An attacker who controls the JDBC URL or properties can cause java.util.logging.FileHandler to write to arbitrary files via the loggerFile and loggerLevel properties, potentially enabling tasks like placing an executable ...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to a possible load of system library files from an unintended working directory. Details A Directory Traversal attack also known as path traversal aims to access files and directories that are stored outside the...
Backdoor.Win32.Augudor.a Remote File Write / Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/bf1b1a2f4be78d6b62ed7c316c77a9a1.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.a Vulnerability: Unauthenticated Remote File Write - RCE Description: Augudor...
The vulnerability of the Windows Defender antivirus program for the Windows operating system, related to the disclosure of information in the erroneous data area, allows a perpetrator to write arbitrary files.
The vulnerability of the Windows Defender antivirus program in the Windows operating system is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows a malicious individual to identify locations in the file system that are excluded from Windows...
CVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...
Directory traversal
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...
CVE-2021-3762
CVE-2021-3762 affects Clair’s ClairCore engine (directory traversal in Clair/ClairCore) that allows arbitrary file writes when scanning a crafted container image, potentially enabling remote code execution. Several connected sources corroborate a path-traversal vulnerability within the ClairCore...
CVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution...
Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products
Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. The two flaws – tracked as...
PT-2022-5801 · Fortinet · Forticlient
Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 7.0.0 through 7.0.3 FortiClientWindows versions 6.4.0 through 6.4.7 FortiClientWindows versions 6.2.0 through 6.2.9 FortiClientWindows versions 6.0.0 through 6.0.10 Description: The issue is related to insecure...
Design/Logic Flaw
WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directo...