CVE-2020-8131

An arbitrary file write flaw was found in Yarn. This flaw allows an attacker to write files to a user’s system in unexpected places, potentially leading to remote code execution. The attacker would need to first trick a developer into installing a malicious package...

Paessler PRTG Network Monitor Access Control Error Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from the German company Paessler. A security vulnerability exists in PRTG Network Monitor version 19.1.49 and prior versions, which stems from the program failing to perform sufficient cleanup operations...

CVE-2019-11074

A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges although not controlling the contents of such files due to insufficient sanitisation when passing arguments to th...

PT-2024-5186

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having th...

WAGO e!COCKPIT File Path Input Validation Error Vulnerability

WAGO e!COCKPIT is a set of integrated development environment software from the German company WAGO. The software is mainly used for hardware configuration, programming and simulation. A security vulnerability exists in the firmware update function of WAGO e!COCKPIT v1.6.0.7, which is caused by...

Command Execution Vulnerability in CICMS in***.php File

CICMS is developed by PHP+MySQL, based on CodeIgniter framework, the source code is all open, and the main enterprise building site. CICMSin.php file has a command execution vulnerability. An attacker can exploit the vulnerability to write any php file and obtain the administrative privileges of...

CVE-2019-5159

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

CVE-2020-2139

The CVE concerns Jenkins Cobertura Plugin versions 1.15 and earlier, where an arbitrary file write vulnerability lets attackers who can control the coverage report file contents overwrite arbitrary files on the Jenkins master filesystem. The root cause is the plugin’s path handling not preventing...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability (cisco-sa-20200226-fxos-cli-file)

According to its self-reported version, Cisco Firepower Extensible Operating System FXOS is affected by an arbitrary file read and write vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, via crafted arguments on a specific CLI comman...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/yi-ge/unzip is a Golang .zip decompress package. This package is a fork from https://github.com/artdarek/go-unzip with added support for Symlinks. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/artdarek/go-unzip is a package go-unzip provides a very simple library to extract zip archive Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during extraction due to no validation and...

CVE-2019-3696

A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise...

Arbitrary File Write

decompress is vulnerable to path traversal. The vulnerability exists due to a zip slip vulnerability. Improper handling of archives containing files that has ../ in its names allows the files to be written out of the intended path...

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview dariusiii/zipper is a Simple Wrapper around the ZipArchive methods with some handy functions. This package is an updated fork of Chumper/Zipper. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during...