7263 matches found
PT-2022-24252 · F-Secure · F-Secure Policy Manager +1
Name of the Vulnerable Software and Affected Versions: F-Secure Policy Manager versions prior to 2022-08-10; WithSecure versions prior to 2022-08-10. Description: The issue allows unauthenticated users to perform an arbitrary file write, enabling them to write files with arbitrary contents in vario...
BACKCLICK Path Traversal Vulnerability
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...
CLSA-2022-1668547209 xz: Fix of CVE-2022-1271
CVE-2022-1271: Fix arbitrary file write vulnerability in xzgrep utility...
CLSA-2022-1668546739 xz: Fix of CVE-2022-1271
CVE-2022-1271: Fix arbitrary file write vulnerability in xzgrep utility...
samba: server memory information leak via SMB1
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
Exploit for Path Traversal in Zimbra Collaboration
CVE-2022-41352 Zimbra Unauthenticated RCE CVE-2022-41352...
MetaMask: Arbitrary file write triggered by deeplink abuse - MetaMask Android
A vulnerability was discovered in the MetaMask Android app that allowed for arbitrary files to be written to disk. Attackers were able to exploit this vulnerability by deeplinking into MetaMask's in-app browser and triggering the immediate download of an attacker-supplied file. Users were not...
Arbitrary File Write
Apache Ivy is vulnerable to arbitrary file write. The vulnerability exists due to the unpack function in ZipPacking.java not properly verifying the target path when extracting an artifact archive, allowing an attacker to write files to any location on the file system through the absolute paths or...
PT-2022-5515 · Microsoft · Windows System Monitor
Name of the Vulnerable Software and Affected Versions: Microsoft Windows System Monitor (Sysmon), affected versions not specified. Description: The issue is related to insufficient access control in the Microsoft Windows System Monitor Sysmon service, which can allow an attacker to elevate their...
CVE-2022-37865
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...
Code injection
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...
CVE-2022-37865
CVE-2022-37865 affects Apache Ivy when using packaging types zip/jar/war with an unpacking on-the-fly feature introduced in Ivy 2.4.0. The vulnerability arises from Ivy’s archive extraction not validating target paths, allowing an archive containing absolute paths or paths using .. to write files...
WordPress plugin Import any XML or CSV File to WordPress Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Import any XML or CSV File to...
SolarWinds Orion Arbitrary File Write (CVE-2020-27871)
An arbitrary file write vulnerability exists in SolarWinds Network Configuration Manager. The vulnerability is due to insufficient validation of file types for vulnerability announcement data files in VulnerabilitySettings.aspx, combined with a lack of restriction on destination paths. A remote,...
CVE-2022-38582
Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files...
Watchdog Antivirus Security Vulnerability
Watchdog Antivirus is an anti-malware program from Watchdog. Designed to neutralize viruses, trojans, rootkits, worms, spyware and adware. A security vulnerability exists in Watchdog Antivirus version v1.4.158, which stems from incorrect access control in the anti-virus driver wsdkd.sys, allowing...
PT-2022-24470 · Unknown · Watchdog Anti-Virus
Name of the Vulnerable Software and Affected Versions: Watchdog Antivirus version 1.4.158. Description: The issue is related to incorrect access control in the anti-virus driver wsdkd.sys, which allows attackers to write arbitrary files. Recommendations: For Watchdog Antivirus version 1.4.158,...
Amazon Linux 2022 : xz, xz-devel, xz-libs (ALAS2022-2022-187)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-187 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...
Amazon Linux 2022 : gzip (ALAS2022-2022-188)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-188 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...