plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...

Important: Red Hat Security Advisory: plexus-archiver security update

An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

plexus-archiver security update

0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200...

Debian DSA-4219-1 : jruby - security update

Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run maliciou...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview sharpziplib is a Zip, GZip, Tar and BZip2 library written entirely in C for the .NET platform. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". It is exploited using a specially crafted zip archive, that holds path traversal...

Arbitrary File Write

dependency-check-core is vulnerable to arbitrary file write. The vulnerability exists due to the improper checking on the extracted file path, allowing arbitrary file writes...

CVE-2018-12046

DedeCMS through 5.7SP2 allows arbitrary file write in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...

CVE-2018-12046

DedeCMS through 5.7SP2 allows arbitrary file write in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...

Design/Logic Flaw

DedeCMS through 5.7SP2 allows arbitrary file write in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...

CVE-2018-12046

DedeCMS through 5.7SP2 allows arbitrary file write in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...

CVE-2018-12046

The CVE-2018-12046 entry concerns DedeCMS up to version 5.7SP2. A flaw in dede/file_manage_control.php allows arbitrary file write via a request to dede/file_manage_view.php?fmdo=newfile, passing name and str parameters to write a new PHP file. This is the stated vulnerability and impact in the p...

DedeCMS Arbitrary File Write Vulnerability

Desdev DedeCMS Dream Weaving Content Management System is China's Zhuozhuo network Desdev Technology Co., Ltd. of a set of open-source set of content publishing, editing, management and retrieval of PHP Web site content management system CMS. A security vulnerability exists in the file...

CVE-2018-12036

CVE-2018-12036 affects OWASP Dependency-Check prior to 3.2.0. The issue allows an attacker to write to arbitrary files by processing a crafted archive that contains directory traversal filenames, enabling arbitrary file writes. This is caused by unsafe extraction paths in the affected component. ...

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

Arbitrary File Write

github.com/mholt/archiver is vulnerable to arbitrary file write. The library does not properly sanitize the destination filepath when extracting archived files, allowing a malicious user to extract files to an arbitrary filepath and overwrite files...

Arbitrary File Write

unzipper is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...

Arbitrary File Write

zip4j is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...

Arbitrary File Write

orientdb is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...

Arbitrary File Write

adm-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...

Arbitrary File Write

concourse-driver-java is vulnerable to arbitrary file write. The application does not properly validate the destination filepath when during zip file extraction, allowing a malicious user to control the write destination and overwrite files...