
6886 matches found

Snyk
added 2018/10/01 8:29 a.m. | views: 1

Directory Traversal

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Directory Traversal. Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. dot dot in a zip file, because of the function unzzipcat in...

CVSS 5.8 | AI score 6.3 | EPSS 0.01538
Exploits: 1 | References: 2

OSV
added 2018/10/01 8:29 a.m. | views: 1

UBUNTU-CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. dot dot in a zip file, because of the function unzzipcat in the bins/unzzipcat-mem.c file...

CVSS 5.5 | AI score 6.7 | EPSS 0.01538
Exploits: 1 | References: 2

CVE
added 2018/10/01 8:0 a.m. | views: 56

CVE-2015-9267

CVE-2015-9267 affects NSIS (Nullsoft Scriptable Install System) before 2.49. The vulnerability arises from the use of temporary folder locations, enabling unprivileged local users to overwrite files, which can allow replacing either an installer plugin or the uninstaller with a trojan. In practic...

CVSS 5.5 | AI score 6 | EPSS 0.00386
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2018/10/01 8:0 a.m. | views: 237

CVE-2018-17828

Summary: CVE-2018-17828 is a directory-traversal flaw in ZZIPlib 0.13.69 where an attacker can overwrite arbitrary files via ".." in a zip, due to unzzip_cat in bins/unzzipcat-mem.c. The connected advisories confirm affected packages across Linux distros and provide remediation by updating zzipli...

CVSS 5.8 | AI score 5.3 | EPSS 0.01538
Exploits: 1 | References: 1 | Affected Software: 1

AlpineLinux
added 2018/10/01 8:0 a.m. | views: 32

CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. dot dot in a zip file, because of the function unzzipcat in the bins/unzzipcat-mem.c file...

CVSS 5.8 | AI score 5.5 | EPSS 0.01538
Exploits: 1

OpenVAS
added 2018/09/27 12:0 a.m. | views: 34

Apache Tika 0.9 - 1.18 Zip Slip Arbitrary File Overwrite Vulnerability

Apache Tika is prone to a zip slip arbitrary file overwrite vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.9 | AI score 6.1 | EPSS 0.05449
Exploits: 0 | References: 1

OSV
added 2018/09/25 1:29 p.m. | views: 5

CVE-2018-15960

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite...

CVSS 7.5 | AI score 5.9 | EPSS 0.05525
Exploits: 0 | References: 3

NVD
added 2018/09/25 1:29 p.m. | views: 19

CVE-2018-15960

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite...

CVSS 7.5 | AI score 7.9 | EPSS 0.05525
Exploits: 0 | References: 3

Prion
added 2018/09/25 1:29 p.m. | views: 20

Design/Logic Flaw

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite...

CVSS 6.4 | AI score 7.9 | EPSS 0.05525
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2018/09/25 1:0 p.m. | views: 56

CVE-2018-15960

CVE-2018-15960 affects Adobe ColdFusion (2018 July 12 release and earlier 2018 updates; also ColdFusion 11 Update 14 and earlier/2016 Update 6 and earlier). The connected advisory CPAI-2019-0985 identifies CKEditor Directory Traversal in the ColdFusion CKEditor component, due to improper sanitiza...

CVSS 7.5 | AI score 7.8 | EPSS 0.05525
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/09/25 1:0 p.m. | views: 19

CVE-2018-15960

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite...

AI score 7.9 | EPSS 0.05525
Exploits: 0 | References: 3

Positive Technologies
added 2018/09/25 12:0 a.m. | views: 3

PT-2018-14208

Name of the Vulnerable Software and Affected Versions ZZIPlib version 0.13.69 Description The issue allows attackers to overwrite arbitrary files via a .. dot dot in a zip file. This is due to the unzzip cat function in the bins/unzzipcat-mem.c file. Recommendations For ZZIPlib version 0.13.69,...

CVSS 6.5 | AI score 6.5 | EPSS 0.02305
Exploits: 15 | References: 75

RedhatCVE
added 2018/09/24 9:20 p.m. | views: 30

CVE-2018-11762

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline --extract-dir= and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...

CVSS 7.5 | AI score 1.7 | EPSS 0.05449
Exploits: 0 | References: 2

NVD
added 2018/09/21 7:29 a.m. | views: 43

CVE-2018-17297

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

CVSS 7.5 | AI score 7.5 | EPSS 0.02674
Exploits: 0 | References: 1

CNVD
added 2018/09/21 12:0 a.m. | views: 3

Apache Tika Arbitrary File Overwrite Vulnerability

Apache Tika is the United States Apache Apache Software Foundation, an integrated POI using Java programs to provide read and write Microsoft Office format documents open-source library, Pdfbox read and create PDF documents pure Java class library and for text extraction work provides a unified...

CVSS 5.9 | AI score 6 | EPSS 0.05449
Exploits: 0 | References: 1

Veracode
added 2018/09/20 3:32 a.m. | views: 24

Arbitrary File Overwrite

Apache tika-app is vulnerable to arbitrary file overwrite. An input file that has an embedded file containing an absolute path such as C:/evil.dll will cause the application to overwrite the file when the extract directory tag --extract-dir= is not specified on the commandline...

CVSS 5.9 | AI score 6.1 | EPSS 0.05449
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2018/09/19 2:0 p.m. | views: 92

CVE-2018-11762

CVE-2018-11762 affects Apache Tika 0.9–1.18. In the rare case where no extract directory is specified on the command line and an embedded file has an absolute path (e.g., C:/evil.bat), tika-app could overwrite that file. The issue is a path handling/Zip extraction edge case; impact is potential a...

CVSS 5.9 | AI score 5.7 | EPSS 0.05449
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2018/09/12 12:0 a.m. | views: 64

Adobe ColdFusion Multiple Vulnerabilities (APSB18-33)

Adobe ColdFusion is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:coldfusion";...

CVSS 10 | AI score 7.7 | EPSS 0.9995
Exploits: 12 | References: 3

The Hacker News
added 2018/09/11 5:25 p.m. | views: 7

Adobe Issues ColdFusion Software Update for 6 Critical Vulnerabilities

Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical that affected ColdFusion and could allow attackers to remotely execute arbitrary code on a vulnerable server. What's the good news this mon...

CVSS 10 | AI score 7.7 | EPSS 0.9995
Exploits: 12

OSV
added 2018/09/07 2:29 p.m. | views: 3

CVE-2018-0659

Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file...

CVSS 5.5 | AI score 5.8 | EPSS 0.01419
Exploits: 0 | References: 2