CVE-2022-34109
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto, regardless of file type or size...
CVE-2022-34109
CVE-2022-34109 affects MSI Feature Navigator v1.0.1808.0901; the issue allows local attackers to write arbitrary files into the PromoPhoto directory, enabling potential arbitrary file write. CVE-2022-34110 enables attackers to download arbitrary files, also affecting the same MSI component. CVE-2...
GHSA-P2F7-9CV7-JJF6 Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
CVE-2022-26049 Arbitrary File Write via Archive Extraction (Zip Slip)
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
GHSA-9VM3-R8GQ-CR6X Casdoor arbitrary file write vulnerability
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...
Casdoor arbitrary file write vulnerability
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...
CVE-2022-38638
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource...
CVE-2022-38638
Casdoor v1.97.3 is affected by an arbitrary file-write vulnerability exploitable via the fullFilePath parameter in /api/upload-resource. The CVE-2022-38638 entry is rated CRITICAL (CVSS 3.1: AV=N, AC=L, PR=N, UI=N, S=U, C=N, I=H, A=H) with network access and no user interaction. Root cause, impac...
PT-2022-24495 · Casdoor · Casdoor
Name of the Vulnerable Software and Affected Versions: Casdoor version 1.97.3 Description: The issue is related to an arbitrary file write vulnerability. This vulnerability can be exploited via the fullFilePath parameter at the "/api/upload-resource" API endpoint. Recommendations: For Casdoor...
Casdoor path traversal vulnerability
Casdoor is an open source Identity and Access Management (IAM) / Single Sign-On (SSO) platform with a Web UI that supports OAuth 2.0 / OIDC and SAML authentication. A security vulnerability exists in Casdoor v1.97.3, which is caused by an arbitrary file write vulnerability via the fullFilePath...
CLSA-2022-1662658348 Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack, refactoring - fix test-system components, enable 'daemon' and 'hardlinks' tests...
Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack, refactoring - fix test-system components, enable 'daemon' and 'hardlinks' tests...
CLSA-2022-1662658181 Fixed CVE-2022-29154 in rsync
CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack, refactoring - fix test-system components, enable 'daemon' and 'hardlinks' tests...
CLSA-2022-1662658118 Fix CVE(s): CVE-2022-29154
SECURITY UPDATE: arbitrary file write vulnerability via malicious rsync server MITM attack, refactoring - debian/patches/CVE-2022-29154-0.patch: prepare for CVE-2022-29154 patch - debian/patches/CVE-2022-29154-1.patch: add extra file-list safety checks - CVE-2022-29154...
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example a crafted file name) this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote low privileged attacker to force zgrep to write arbitrary files on the system.
...
RHEL 9 : gzip (RHSA-2022:4582)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:4582 advisory. The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing t...
GLSA-202209-01 : GNU Gzip, XZ Utils: Arbitrary file write
The remote host is affected by the vulnerability described in GLSA-202209-01 (GNU Gzip, XZ Utils: Arbitrary file write) - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can...
Amazon Linux 2022 : gzip, xz, xz-devel (ALAS2022-2022-058)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-058 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's...