1324 matches found
PT-2020-15350 · Jenkins · Jenkins Cobertura Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cobertura Plugin versions 1.15 and earlier Description: The issue allows attackers who can control the coverage report file contents to overwrite any file on the Jenkins master file system. This is due to an arbitrary file write...
The vulnerability of the Huawei PC Manager application, related to access control deficiencies, allows a perpetrator to execute arbitrary codes and write arbitrary files.
The vulnerability of the Huawei PC Manager application relates to deficiencies in access control. Exploiting this vulnerability could allow a hacker to execute arbitrary code and write arbitrary files...
Adobe Acrobat and Reader Elevation of Privilege Vulnerability (CNVD-2020-10134)
Adobe Acrobat is a PDF editing software developed by Adobe.Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an elevation of privilege vulnerability. An attacker can exploit the vulnerability to write to an arbitrary file system...
Unsafe Identifiers
opencast-common is using unsafe identifier. The package allows the use of arbitrary identifiers for media packages and file systems, causing the identifier mismatch as an identifier may unintentionally be changed. When the identifiers are used for file system operations, an attacker can make use ...
The vulnerabilities of the xAPI microprogramming software components of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and the operating system Cisco RoomOS allow attackers to gain unauthorized access to protected information and write arbitrary files to the device’s file system.
The vulnerability of the xAPI microprogramming software components of Cisco TelePresence Collaboration Endpoint, Cisco TelePresence Codec, and the operating system Cisco RoomOS exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability can...
Bitbucket Server and Bitbucket Data Center Remote Code Execution Vulnerability (CNVD-2020-03926)
Atlassian Bitbucket Server and Atlassian Bitbucket Data Center are both products of Atlassian Australia.Atlassian Bitbucket Server is a Git code hosting solution. The solution manages and reviews code with features such as diff view, JIRA integration and build integration.Atlassian Bitbucket Data...
CVE-2019-19459
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
CVE-2019-10185
It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. Mitigation No kno...
Directory Traversal
Overview iobroker.js-controller is a controller that is owning the central configuration of the ioBroker installation and controls and monitors all adapter processes for the current host. Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file content...
The vulnerability of the ColdFusion software platform, related to errors in restricting the path name of the restricted directory, allows a perpetrator to write any files into the device’s file system.
The vulnerability of the ColdFusion software platform is related to errors in restricting the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the device’s file system remotely...
PT-2019-17702 · Twitter · Bower
Name of the Vulnerable Software and Affected Versions: bower versions prior to 1.8.8 Description: The issue allows for a path traversal vulnerability, enabling file write in arbitrary locations via the install command. This occurs because bower does not verify that extracted symbolic links do not...
Microsoft .NET Framework Privilege Vulnerability
Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A privilege extraction...
Mozilla Firefox and Mozilla Firefox ESR Arbitrary Code Execution Vulnerability
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to Mozilla...
GHSA-MR7P-25V2-35WR NLTK Vulnerable To Path Traversal
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...
PT-2019-3241 · Nltk +2 · Nltk Downloader +2
Name of the Vulnerable Software and Affected Versions: NLTK Downloader versions prior to 3.4.5 Description: The issue is related to a directory traversal vulnerability, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during...
The vulnerability of the IcedTea-Web plugin, related to an incorrect limitation on the path name to the restricted access catalog, allows a hacker to write arbitrary files to the device’s file system.
The vulnerability of the IcedTea-Web plugin is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the device’s file system using a specially crafted file in formats: .tar, .jar, .war,...
cPanel Input Validation Error Vulnerability (CNVD-2019-26371)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.2. The vulnerability stems from a web-based...
cPanel Input Validation Error Vulnerability (CNVD-2019-26370)
cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.2. The vulnerability stems from a web-based...
DEBIAN-CVE-2019-14452
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in a ZIP archive entry that is mishandled during extraction...
USN-4055-1 flightcrew vulnerabilities
Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. CVE-2019-13032 Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use thi...