Directory Traversal
Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Directory Traversal. Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in...
UBUNTU-CVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file...
CVE-2015-9267
CVE-2015-9267 affects NSIS (Nullsoft Scriptable Install System) before 2.49. The vulnerability arises from the use of temporary folder locations, enabling unprivileged local users to overwrite files, which can allow replacing either an installer plugin or the uninstaller with a trojan. In practic...
CVE-2018-17828
Summary: CVE-2018-17828 is a directory-traversal flaw in ZZIPlib 0.13.69 where an attacker can overwrite arbitrary files via ".." in a zip, due to unzzip_cat in bins/unzzipcat-mem.c. The connected advisories confirm affected packages across Linux distros and provide remediation by updating zzipli...
CVE-2018-17828
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file...
Apache Tika 0.9 - 1.18 Zip Slip Arbitrary File Overwrite Vulnerability
Apache Tika is prone to a zip slip arbitrary file overwrite vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2018-15960
Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite...
Design/Logic Flaw
Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite...
CVE-2018-15960
CVE-2018-15960 affects Adobe ColdFusion (2018 July 12 release and earlier 2018 updates; also ColdFusion 11 Update 14 and earlier/2016 Update 6 and earlier). The connected advisory CPAI-2019-0985 identifies CKEditor Directory Traversal in the ColdFusion CKEditor component, due to improper sanitiza...
PT-2018-14208
Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.69. Description: The issue allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file. This is due to the unzzip_cat function in the bins/unzzipcat-mem.c file. Recommendations: For ZZIPlib version 0.13.69,...
CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
CVE-2018-17297
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Apache Tika Arbitrary File Overwrite Vulnerability
Apache Tika, from the Apache Software Foundation (United States), integrates POI, an open-source Java library for reading and writing Microsoft Office format documents, and PDFBox, a pure Java class library for reading and creating PDF documents, and provides a unified...
Arbitrary File Overwrite
Apache tika-app is vulnerable to arbitrary file overwrite. An input file that has an embedded file containing an absolute path such as C:/evil.dll will cause the application to overwrite the file when the extract directory option (--extract-dir=) is not specified on the command line...
CVE-2018-11762
CVE-2018-11762 affects Apache Tika 0.9–1.18. In the rare case where no extract directory is specified on the command line and an embedded file has an absolute path (e.g., C:/evil.bat), tika-app could overwrite that file. The issue is a path handling/Zip extraction edge case; impact is potential a...
Adobe ColdFusion Multiple Vulnerabilities (APSB18-33)
Adobe ColdFusion is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:adobe:coldfusion";...
Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities
Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical, affect ColdFusion, and could allow attackers to remotely execute arbitrary code on a vulnerable server. What's the good news this mon...
CVE-2018-0659
Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via a specially crafted ATC file...