SharpCompress Directory Traversal Vulnerability
SharpCompress is a library for compression/decompression. A directory traversal vulnerability exists in SharpCompress versions prior to 0.21.0. The vulnerability can be exploited to write arbitrary files with a specially crafted zip archive file with a directory traversal name...
QuaZIP Directory Traversal Vulnerability
QuaZIP is a C++ wrapper for accessing ZIP archives. A directory traversal vulnerability exists in QuaZIP versions prior to 0.7.6. The vulnerability can be exploited to write arbitrary files with the help of a specially crafted zip archive file with a directory traversal name...
sharplibzip directory traversal vulnerability
sharplibzip is a library for compression/decompression. A directory traversal vulnerability exists in sharplibzip versions prior to 1.0 RC1. The vulnerability can be exploited to write arbitrary files using a specially crafted zip archive with a directory traversal name...
CVE-2018-1002208
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
DEBIAN-CVE-2018-1002209
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
UBUNTU-CVE-2018-1002200
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002202
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
UBUNTU-CVE-2018-1002208
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
Foxit Reader ExpaseFDF Arbitrary File Writing Remote Code Execution Vulnerability
Foxit Reader for Windows is a PDF document reader for the Windows platform from China's Foxit Software Corporation. A security vulnerability exists in the 'exportAsFDF XFA' function in Foxit Reader 9.1.0.5096 and earlier versions for Windows-based platforms, which stems from the program not...
PT-2018-9625 · Hewlett Packard · Dotnetzip
Name of the Vulnerable Software and Affected Versions: DotNetZip.Semvered versions prior to 1.11.0. Description: The issue allows attackers to perform directory traversal, enabling them to write to arbitrary files. This is achieved by including a ../ dot dot slash in a Zip archive entry, which is...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 42 security fixes in this release, including: 850350 High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07 848914 High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01 842265 Hig...
MetInfo 6.0.0 arbitrary file write vulnerability leading to getshell
...
Code execution vulnerability in Metinfo version 6.0.0
MetInfo is a content management system developed using PHP and MySQL. A code execution vulnerability exists in Metinfo version 6.0.0. An attacker can exploit the vulnerability to write arbitrary files to the server and gain server privileges...
CVE-2014-4150
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp...
CVE-2014-4150
The CVE-2014-4150 vulnerability affects Scheme 48, specifically the scheme48-send-definition function in cmuscheme48.el. The issue allows a local attacker to write to arbitrary files by exploiting a symlink attack on /tmp/s48lose.tmp. The public-facing details clearly describe the root cause as a...
Foxit Reader exportData Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportData XFA...
Foxit Reader exportAsFDF Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA...
Arbitrary File Writing
SharpZipLib is vulnerable to arbitrary file write, also known as the zip slip vulnerability. It fails to check the file path during extraction, allowing arbitrary files to be written outside of the extraction directory...