DEBIAN-CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

CVE-2017-1000472

POCO C++ Libraries prior to 1.8 contain a ZIP path-validation flaw in ZipCommon::isValidPath() that can allow absolute path traversal during ZIP decompression, potentially enabling creation or overwriting of arbitrary files via a crafted ZIP file. Reports across multiple distributions (Debian, Fe...

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

CVE-2017-1000472

The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...

Updated perl packages fix security vulnerability

John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory which might be changed to another directory without the user realising and potentially leading to privilege escalation...

PT-2018-5238 · Poco +1 · Poco C++ Libraries +1

Name of the Vulnerable Software and Affected Versions: POCO C++ Libraries versions prior to 1.8 Description: The issue concerns a "file path injection vulnerability" in the ZipCommon::isValidPath function, which does not properly restrict the filename value in the ZIP header. This allows attacker...

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - NET::Ftp Command Injection Exploit

Exploit for ruby platform in category local exploits While using NET::Ftp I realised you could get command execution through "malicious" file names. The problem lies in the gettextfileremotefile, localfile = File.basenameremotefile method. When looking at the source code, you'll note: def...

CVE-2017-5261

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users...

CVE-2017-5261

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users...

CVE-2017-5261

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users...

Cambium cnPilot r200/r201 File Path Traversal

This module exploits a File Path Traversal vulnerability in Cambium cnPilot r200/r201 to read arbitrary files off the file system. Affected versions - 4.3.3-R4 and prior. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewor...

DEBIAN-CVE-2016-1255

The pgctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...

Cambium Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits Cambium Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Cambium Network Updater Tool and Networks Services Server. The Network Updater Tool is “a free-of-charge tool that...

openSUSE Security Update : perl (openSUSE-2017-1304)

This update for perl fixes the following issues : Security issues fixed : - CVE-2017-12837: Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a...

CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

Design/Logic Flaw

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server...

CVE-2017-1000197

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server...

CVE-2017-1000197

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server...

CVE-2017-1000197

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server...