7183 matches found
CVE-2019-3580
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...
CVE-2019-3580
OpenRefine (up to version 3.1) is affected by CVE-2019-3580: during import of a crafted project file, a directory traversal flaw allows arbitrary file write. The description consistently states this vulnerability exists in OpenRefine 3.1 and earlier, caused by directory traversal in the import pr...
Fedora 28 : plexus-archiver (2018-7a9a2f6ec0)
Security fix: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-1002200). A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attack...
Fedora 28 : ant (2018-cba3ccd747)
Backport fix for arbitrary file write vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
OpenRefine Arbitrary File Write Vulnerability
OpenRefine is a Java-based open source tool that is used to load data, analyze it, clean it, and more. A directory traversal vulnerability exists in OpenRefine 3.1 and earlier versions. An attacker can exploit this vulnerability by importing a specially crafted project file to write arbitrary fil...
Node.js third-party modules: [bower] Arbitrary File Write through improper validation of symlinks while package extraction
I would like to report file write in arbitrary locations via install command in bower. It allows attackers to write arbitrary files when a malicious package is extracted. Module: module name: bower; version: 1.8.4; npm page: https://www.npmjs.com/package/bower. Module Description: Bower offers a generi...
EUVD-2018-8665
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode th...
DoorGets Directory Traversal Vulnerability
doorGets is a content management system (CMS). The system supports multiple languages, system backups, theme changes, etc. A security vulnerability exists in doorGets version 7.0. A remote attacker can exploit the vulnerability to write arbitrary files...
jenkins: Arbitrary file write vulnerability using file parameter definitions
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an...
CVE-2018-20064
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the themecontentnofi parameter...
Directory traversal
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the themecontentnofi parameter...
Jenkins < 2.146 and < 2.138.2 LTS Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Pulse Secure Desktop Client for Windows Arbitrary File Write Vulnerability
Pulse Secure Desktop Client for Windows is a suite of Windows-based client software from Pulse Secure, Inc. for end devices that access Juniper Pulse Secure gateways. A security vulnerability exists in Pulse Secure Desktop Client versions 5.3 through R6.0 build 1769 for Windows-based platforms. T...
Lenovo XClarity Integrator for VMware File Write Vulnerability
Lenovo XClarity Integrator (LXCI) for VMware is an application for VMware from Lenovo, China. The program provides extended functionality for infrastructure resource management, automation and IT service management. A security vulnerability exists in Lenovo LXCI for VMware prior to version 5.5, whi...
Lenovo XClarity Integrator for VMware and Microsoft System Center File Write Vulnerability
Lenovo XClarity Integrator (LXCI) for VMware is an application for VMware from Lenovo, China. The program provides extended functionality for infrastructure resource management, automation, and IT service management. LXCI for Microsoft System Center is a version for Microsoft System Center. A securi...
CVE-2018-16093
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file...
CVE-2018-16097
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate...
CVE-2018-16097 LXCI for VMware and LXCI for Microsoft System Center
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate...