7184 matches found

OSV
added 2021/03/15 10:50 p.m. | 1 view

USN-4863-1 node-fstream vulnerability

It was discovered that fstream incorrectly handled certain crafted tarballs. An attacker could use this vulnerability to write arbitrary files to the filesystem...

CVSS 7.5 | AI score 7.3 | EPSS 0.02781
Exploits: 0 | References: 2

OSV
added 2021/03/15 10:15 p.m. | 1 view

USN-4830-1 okular vulnerability

It was discovered that Okular mishandled certain crafted archives during extraction. An attacker could use this vulnerability to write arbitrary files to the filesystem...

CVSS 5.5 | AI score 6 | EPSS 0.0183
Exploits: 1 | References: 2

OSV
added 2021/03/15 8:11 p.m. | 13 views

USN-4769-1 salt vulnerabilities

It was discovered that Salt allowed remote attackers to write to arbitrary files via a specially crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563) Andreas Stieger discovered that Salt...

CVSS 9.8 | AI score 7.1 | EPSS 0.05199
Exploits: 0 | References: 9

CNVD
added 2021/03/11 12:0 a.m. | 4 views

IBM SPSS Modeler Subscription Installer Arbitrary File Write Vulnerability

IBM SPSS Modeler Subscription Installer is a software application from the American company Universal Business Machines (IBM). It is a set of data mining tools that allows business techniques to be adopted to quickly build predictive models and apply them to business activities, thus improving...

CVSS 6.2 | AI score 6.7 | EPSS 0.00323
Exploits: 0 | References: 1

Exploit DB
added 2021/03/11 12:0 a.m. | 4432 views

Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)

Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon; Date: 2021-03-10; Exploit Author: testanull; Vendor Homepage: https://www.microsoft.com; Version: MS Exchange Server 2013, 2016, 2019; CVE: 2021-26855, 2021-27065; import requests from urllib3.exceptions import...

AI score 7.4
Exploits: 0

0day.today
added 2021/03/11 12:0 a.m. | 222 views

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Exploit

Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon; Date: 2021-03-10; Exploit Author: testanull; Vendor Homepage: https://www.microsoft.com; Version: MS Exchange Server 2013, 2016, 2019; CVE: 2021-26855, 2021-27065; import requests from urllib3.exceptions import...

CVSS 9.8 | AI score 0.5 | EPSS 0.99999
Exploits: 65

CVE
added 2021/03/10 3:5 p.m. | 42 views

CVE-2020-4717

CVE-2020-4717 : IBM SPSS Modeler Subscription Installer contains a local vulnerability where a user with create symbolic link permissions can write arbitrary files to protected paths during product installation. The issue is documented in IBM’s bulletin and linked X-Force entry. A remediation is ...

CVSS 6.2 | AI score 5.3 | EPSS 0.00323
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2021/03/10 12:0 a.m. | 52 views

Adobe Creative Cloud < 5.4 Multiple Vulnerabilities (APSB21-18)

The version of Adobe Creative Cloud installed on the remote Windows host is prior to 5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-18 advisory. - Adobe Creative Cloud Desktop Application version 5.3 and earlier is affected by a local privilege escalation...

CVSS 9.3 | AI score 7.4 | EPSS 0.02467
Exploits: 0 | References: 5

NVD
added 2021/03/04 6:15 p.m. | 8 views

CVE-2021-26028

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path...

CVSS 5.5 | EPSS 0.01161
Exploits: 0 | References: 1

CVE
added 2021/03/04 5:37 p.m. | 141 views

CVE-2021-26028

CVE-2021-26028 affects Joomla! 3.0.0–3.9.24. A path traversal vulnerability in the core ZIP extraction allows a crafted zip file to write files outside the intended directory. Connected advisories confirm this is a path-traversal issue within the joomla/archive zip class, with public references n...

CVSS 5.5 | AI score 5.7 | EPSS 0.01161
Exploits: 0 | References: 1 | Affected Software: 1

ThreatPost
added 2021/03/03 3:30 p.m. | 568 views

Microsoft Exchange 0-Day Attackers Spy on U.S. Targets

Microsoft has spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server. Adversaries have been able to access email accounts, steal a raft of data and drop malware on target machines for long-term remote access, according to the computin...

AI score 10 | EPSS 0.99999
Exploits: 66 | References: 8

CNVD
added 2021/03/03 12:0 a.m. | 13 views

Microsoft Exchange Server Arbitrary File Write Vulnerability

Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server has an arbitrary file write vulnerability. An attacker can exploit this vulnerability to write a file to any path on the server after authenticating through the Exchang...

CVSS 7.8 | AI score 7.7 | EPSS 0.89509
Exploits: 3 | References: 1

CNVD
added 2021/03/03 12:0 a.m. | 13 views

Microsoft Exchange Server Arbitrary File Write Vulnerability (CNVD-2021-14810)

Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server has an arbitrary file write vulnerability. An attacker can exploit this vulnerability to write a file to any path on the server after authenticating through the Exchang...

CVSS 7.8 | AI score 7.7 | EPSS 0.99946
Exploits: 30 | References: 1

CNNVD
added 2021/03/02 12:0 a.m. | 2 views

Microsoft Exchange Server Security Vulnerability

Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server has an arbitrary file write vulnerability. An attacker can exploit this vulnerability to write a file to any path on the server after authenticating through the Exchang...

CVSS 7.8 | AI score 5.7 | EPSS 0.89509
Exploits: 3 | References: 3

OSV
added 2021/03/01 6:15 p.m. | 37 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...

CVSS 5.3 | AI score 6.6 | EPSS 0.01038
Exploits: 0 | References: 1

NVD
added 2021/03/01 6:15 p.m. | 18 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...

CVSS 5.3 | EPSS 0.01038
Exploits: 0 | References: 1

Prion
added 2021/03/01 6:15 p.m. | 18 views

Path traversal

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...

CVSS 5 | AI score 4.7 | EPSS 0.01446
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/03/01 5:23 p.m. | 74 views

CVE-2021-22114

CVE-2021-22114 concerns a path-traversal vulnerability in Spring Integration Zip handling. Connected sources indicate that Spring-integration-zip versions prior to 1.0.4 expose an arbitrary file write vulnerability via specially crafted zip archives (also affecting other archive formats like tar,...

CVSS 5.3 | AI score 4.5 | EPSS 0.01038
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/03/01 5:23 p.m. | 21 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...

AI score 5.1 | EPSS 0.01038
Exploits: 0 | References: 1

CNNVD
added 2021/03/01 12:0 a.m. | 4 views

Spring-integration-zip Path Traversal Vulnerability

Spring-integration-zip is an open source application from Spring that provides compression and decompression functionality. A path traversal vulnerability exists in Spring-integration-zip versions prior to 1.0.4, which stems from an arbitrary file write vulnerability...

CVSS 5.3 | AI score 5.8 | EPSS 0.01038
Exploits: 0 | References: 2