
7263 matches found

RedHat Linux
added 2022/07/01 12:52 a.m. · 4 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

CVSS 8.8 · AI score 7.2 · EPSS 0.04062
Exploits: 0 · References: 4

Oracle linux
added 2022/06/30 12:0 a.m. · 100 views

xz security update

5.2.5-8 - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271...

CVSS 8.8 · AI score 2.3 · EPSS 0.04062
Exploits: 0

Oracle linux
added 2022/06/30 12:0 a.m. · 103 views

gzip security update

1.10-9 - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271...

CVSS 8.8 · AI score 1.4 · EPSS 0.04062
Exploits: 0

0day.today
added 2022/06/29 12:0 a.m. · 376 views

AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service Vulnerabilities

Exploit Title: AnyDesk allow arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine Exploit Author: Erwin Chan Vendor Homepage: https://anydesk.com/en Software Link: https://anydesk.com/en Version: 7.0.9 Tested on: Windows 11 It was found that AnyDesk versi...

AI score 0.6
Exploits: 0

Huntr
added 2022/06/28 7:23 a.m. · 11 views

Arbitrary template creation leading to Authenticated Remote Code Execution

Description Arbitrary File Write Reproduction Steps: 1. As a low privileged user, Create a new recipe and click on the "+" to add a New Asset. 2. Select a file, then proxy the request that will create the asset. 3. Update the values in the POST request to the ones shown below: POST...

AI score 0.5
Exploits: 0

Packet Storm
added 2022/06/28 12:0 a.m. · 297 views

AnyDesk 7.0.9 Arbitrary File Write / Denial Of Service

Exploit Title: AnyDesk allow arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine Google Dork: if applicable Date: 24/5/2022 Exploit Author: Erwin Chan Vendor Homepage: https://anydesk.com/en Software Link: https://anydesk.com/en Version: 7.0.9 Tested on:...

AI score 0.7
Exploits: 0

GithubExploit
added 2022/06/27 8:7 a.m. · 2 views

Exploit for Server-Side Request Forgery in Microsoft

ProxyLogon ProxyLogon is the formally generic name for CVE-202...

CVSS 9.8 · AI score 9.3 · EPSS 0.99999
Exploits: 65

Github Security Blog
added 2022/06/24 12:0 a.m. · 42 views

Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin

Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...

CVSS 7.5 · AI score 7.6 · EPSS 0.01456
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/06/24 12:0 a.m. · 101 views

GHSA-29Q6-P2CG-4V23 Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin

Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...

CVSS 8.8 · AI score 7.6 · EPSS 0.01456
Exploits: 0 · References: 4

Rapid7 Blog
added 2022/06/23 10:39 p.m. · 216 views

CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)

A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files when using the SSH interface due to an argument injection vulnerability affecting the diagnose command. Additionally, a remote and highly privileged user can write arbitrary system files when using the SSH...

CVSS 7.8 · AI score 0.6 · EPSS 0.78303
Exploits: 9

ATTACKERKB
added 2022/06/23 5:15 p.m. · 3 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

CVSS 7.5 · AI score 6.8 · EPSS 0.01456
Exploits: 0 · References: 2

Tenable Nessus
added 2022/06/22 12:0 a.m. · 30 views

EulerOS 2.0 SP8 : xz (EulerOS-SA-2022-1955)

According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a...

CVSS 8.8 · AI score 7 · EPSS 0.04062
Exploits: 0 · References: 2

Tenable Nessus
added 2022/06/22 12:0 a.m. · 40 views

EulerOS 2.0 SP8 : gzip (EulerOS-SA-2022-1931)

According to the versions of the gzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, ...

CVSS 8.8 · AI score 7 · EPSS 0.04062
Exploits: 0 · References: 2

Tenable Nessus
added 2022/06/17 12:0 a.m. · 39 views

EulerOS 2.0 SP5 : gzip (EulerOS-SA-2022-1892)

According to the versions of the gzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, ...

CVSS 8.8 · AI score 7 · EPSS 0.04062
Exploits: 0 · References: 2

Tenable Nessus
added 2022/06/16 12:0 a.m. · 32 views

Oracle Linux 7 : xz (ELSA-2022-5052)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5052 advisory. 5.2.2-2 - Fix CVE-2022-1271 Resolves: CVE-2022-1271 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 8.8 · AI score 6.9 · EPSS 0.04062
Exploits: 0 · References: 2

Vulnrichment
added 2022/06/15 6:48 p.m. · 10 views

CVE-2022-31219 Drive Composer Link Following Local Privilege Escalation Vulnerability

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...

CVSS 7.3 · AI score 7.6 · EPSS 0.00303
Exploits: 0 · References: 1

RedHat Linux
added 2022/06/15 11:22 a.m. · 5 views

gzip: arbitrary-file-write vulnerability

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

CVSS 8.8 · AI score 7.2 · EPSS 0.04062
Exploits: 0 · References: 4

CNNVD
added 2022/06/15 12:0 a.m. · 2 views

ABB Drive Composer Link Following Vulnerability

ABB Drive Composer is a 32-bit Windows application from ABB Switzerland. It is used to commission and maintain ABB Common Architecture drives. A security vulnerability exists in ABB Drive Composer that originates from a vulnerability that allows a low-privileged attacker to create and write files...

CVSS 7.8 · AI score 7.3 · EPSS 0.00315
Exploits: 0 · References: 5

Positive Technologies
added 2022/06/15 12:0 a.m. · 9 views

PT-2022-20614 · Abb · Abb Automation Builder +1

Name of the Vulnerable Software and Affected Versions: ABB Automation Builder Drive Composer affected versions not specified Description: The issue allows a low-privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content, provided the file does n...

CVSS 7.8 · AI score 7 · EPSS 0.00315
Exploits: 0 · References: 3

NVD
added 2022/06/14 7:15 p.m. · 14 views

CVE-2022-31590

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...

CVSS 7.8 · EPSS 0.00243
Exploits: 0 · References: 2