6886 matches found
Design/Logic Flaw
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update SEC-303...
CVE-2017-18416
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update SEC-303...
CVE-2016-10848
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck SEC-81...
CVE-2016-10845
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable SEC-78...
Design/Logic Flaw
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable SEC-78...
Design/Logic Flaw
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck SEC-81...
CVE-2016-10845
CVE-2016-10845 affects cPanel prior to 11.54.0.4. The issue is an arbitrary file-overwrite in scripts/check_system_storable (SEC-78) due to improper input handling/validation. Impact is partial confidentiality, integrity, and availability per CVSS2/3 data; exploitation details are not provided in...
CVE-2016-10848
CVE-2016-10848 affects cPanel prior to 11.54.0.4, allowing arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). The issue is documented across multiple sources (NVD, Red Hat advisory) with a high impact rating (C/V: high; A: high) and network attack vector. The provided materials d...
icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite
It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox...
icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite
It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user...
SUSE-SU-2019:2033-1 Security update for icedtea-web
This update for icedtea-web to version 1.7.2 fixes the following issues: Security issues fixed: - CVE-2019-10181: Fixed an unsigned code injection in a signed JAR file bsc1142835 - CVE-2019-10182: Fixed a path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite...
CVE-2019-14418
An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existi...
Directory traversal
An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existi...
CVE-2019-14418
Summary: CVE-2019-14418 affects Veritas Resiliency Platform (VRP) before 3.4 HF1. A directory traversal flaw during application bundle uploads lets a VRP user with sufficient privileges overwrite any file in the VRP VM, potentially enabling full VM takeover. Affected software: Veritas Resiliency ...
Debian DSA-4489-1 : patch - security update
Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address...