CVE-2018-20947
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356)...
File Write Vulnerability in Ziggy's Fortress
Zhejiang Qiji Technology Co., Ltd. is a company mainly engaged in computer hardware and software, network products, technology development and other projects. A file write vulnerability exists in Qiji Fortress, which can be exploited by an attacker to gain control of a web server...
Foxit PDF SDK ActiveX File Write Vulnerability
Foxit PDF SDK ActiveX is a visual programming component that not only provides PDF display and annotation features, but also uses few resources, has a small distribution size, and so on. Foxit PDF SDK ActiveX 5.5.0 and earlier versions in the use of JavaScript API Doc.exportAsFDF file...
CVE-2019-0214
Apache Archiva 2.0.0–2.2.3 is affected by CVE-2019-0214, where the artifact upload mechanism allows writing files to arbitrary locations and can overwrite existing files if the Archiva process user has filesystem permissions. Root cause described is improper handling of uploaded artifact file pat...
File write vulnerability in MetInfo version 6.1.3 backend
MetInfo is a content management system (CMS) developed using PHP and MySQL by Changsha Mito Information Technology Co. A file write vulnerability exists in the backend of MetInfo version 6.1.3, which can be exploited by attackers to gain control of the web server...
CVE-2014-4150
The CVE-2014-4150 vulnerability affects Scheme 48, specifically the scheme48-send-definition function in cmuscheme48.el. The issue allows a local attacker to write to arbitrary files by exploiting a symlink attack on /tmp/s48lose.tmp. The public-facing details clearly describe the root cause as a...
CentOS 7 : plexus-archiver (CESA-2018:1836)
An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
plexus security update
CentOS Errata and Security Advisory CESA-2018:1836. An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Oracle Linux 7 : plexus-archiver (ELSA-2018-1836)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1836 advisory. 0:2.4.2-5 - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200. Tenable has extracted the preceding description block directly from the Oracle...
Important: Red Hat Security Advisory: rh-maven33-plexus-archiver and rh-maven35-plexus-archiver security update
An update for rh-maven33-plexus-archiver and rh-maven35-plexus-archiver is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...
Important: Red Hat Security Advisory: plexus-archiver security update
An update for plexus-archiver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
Node.js third-party modules: Arbitrary File Write Through Archive Extraction
I would like to report an arbitrary file write vulnerability in the adm-zip module. It allows attackers to write arbitrary files when a malicious archive is extracted. More info here: https://snyk.io/research/zip-slip-vulnerability https://github.com/snyk/zip-slip-vulnerability#affected-libraries Module...
CVE-2017-12092
The CVE-2017-12092 vulnerability affects Allen‑Bradley MicroLogix 1400 Series B FRN 21.2 and earlier. A remote, unauthenticated attacker can send a specially crafted packet that triggers a file write to the memory module, causing a new program to be written to memory. Mitigation: upgrade to FRN 2...
CVE-2018-1263
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal...
CVE-2018-1315
CVE-2018-1315 affects Apache Hive 2.1.0–2.3.2 when using the HPL/SQL extension and issuing COPY FROM FTP. The FTP client does not verify the destination path, allowing a compromised FTP server to cause the downloaded file to be written to an arbitrary location on the cluster where the command is ...
CVE-2014-2312
Thermald contains a local-privilege vulnerability in android_main.cpp that allows a symlink attack on /tmp/thermald.pid to overwrite arbitrary files. Impact is arbitrary file write (I = HIGH) with local access and no user interaction required. The connected sources confirm the affected software (...
YXCMS has multiple vulnerabilities
Yxcms is an enterprise site-building system based on PHP and MySQL technology. Yxcms version 1.4.6 contains stored XSS, arbitrary file deletion, file write, and SQL injection vulnerabilities; attackers can exploit these vulnerabilities to obtain control of the web server...
File Write Vulnerability in Cscms v4.1.8
Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. A file write vulnerability exists in Cscms v4.1.8, which is due to the system failing to effectively filter input parameters and file paths. An attacker can use this vulnerability to inject Trojan...
Debian DLA-1243-1 : xbmc security update
The Check Point Research Team discovered that the XBMC media center allows arbitrary file write when a malicious subtitle file is downloaded in zip format. This update requires the new dependency libboost-regex1.49. For Debian 7 'Wheezy', these problems have been fixed in version...
CVE-2014-4994
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames...