705 matches found
CVE-2023-39957 Path traversal allows tricking the Talk Android app into writing files into its root directory
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intent allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android versi...
Path traversal allows tricking the Talk Android app into writing files into its root directory
OESA-2023-1443 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called stat followed by fopen in a way that made it...
PT-2023-4188
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile (EPMM) versions 11.8.x through 11.8.1.1; Ivanti Endpoint Manager Mobile (EPMM) versions 11.9.x through 11.9.1.1; Ivanti Endpoint Manager Mobile (EPMM) versions 11.10.x through 11.10.0.2. Description: A path traversal...
Remote code execution
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability...
CVE-2023-1183
CVE-2023-1183 affects LibreOffice when used with HSQLDB (notably HSQLDB 1.8.0). A flaw allows crafting an odb containing a database/script file with a SCRIPT command, enabling the contents of the file to be written to an attacker‑specified location, i.e., arbitrary file write via .script/.log scr...
CVE-2022-47526
Fox-IT DataDiode aka Fox DataDiode 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not...
Exploit for CVE-2021-46703
CVE-2021-46703 Simple payload builder based on POC in: https:/...
CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
CVE-2022-46723
CVE-2022-46723 affects macOS Big Sur 11.x and related macOS releases; a remote attacker could write arbitrary files. Apple fixes are in macOS Big Sur 11.7.1 and macOS Monterey 12.6.1. Remediation: update to these versions or later per Apple advisories HT213493/HT213494.
K14432: PHP SOAP wsdl cache file vulnerability CVE-2013-1635
Security Advisory Description: PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Impact: An attacker is able to write remote wsdl files to arbitrary locations on an affected system. Security Advisory Status: To determine if yo...
Siretta QUARTZ-GOLD file writing vulnerability
Siretta QUARTZ-GOLD is an industrial router with multiple features and services. A file-writing vulnerability exists in Siretta QUARTZ-GOLD, which can be exploited by attackers to cause arbitrary file uploads via specially crafted HTTP requests...
Siretta QUARTZ-GOLD path traversal vulnerability
Siretta QUARTZ-GOLD is an industrial router with multiple features and services. A file-writing vulnerability exists in Siretta QUARTZ-GOLD, which can be exploited by attackers to cause arbitrary file uploads via specially crafted HTTP requests...
GHSA-XR8X-PXM6-PRJG MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Impact: MITM can enable Zip-Slip. Vulnerability: Vulnerability 1: Publisher.java. There is no validation that the zip file being unpacked has entries that are not maliciously writing outside of the intended destination directory...
CVE-2023-22809
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
CVE-2020-36560
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
Input validation
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2020-36566
CVE-2020-36566: A path traversal in the Go tar-utils library (github.com/whyrusleeping/tar-utils) allows archives with relative paths to write or overwrite files outside the target directory due to improper path sanitization. The vulnerability impacts tar-utils used in the go-ipfs codebase, with...
CVE-2020-36560
CVE-2020-36560 corresponds to a path traversal vulnerability in the Go library go-unzip (github.com/artdarek/go-unzip). The root cause is improper path handling during archive extraction, enabling archives containing relative file paths to write or overwrite files outside the intended target dire...
CVE-2018-25046
CVE-2018-25046 is a path traversal flaw in the cloudfoundry/archiver package. The published descriptions across multiple sources (including Red Hat security, OSV, and CVE records) confirm that archives containing relative file paths can cause files to be written or overwritten outside the intende...