
7263 matches found

RedHat Linux
added 2022/05/17 11:41 p.m., 47 views

Important: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.8 | AI score 6.7 | EPSS 0.04062
Exploits 0 | References 2
OSV
added 2022/05/17 10:32 p.m., 24 views

RLSA-2022:4582 Important: gzip security update

The gzip packages contain the gzip GNU zip data compression utility. gzip is used to compress regular files. It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times. Security Fixes: gzip: arbitrary-file-write vulnerability...

CVSS 8.8 | AI score 8.5 | EPSS 0.04062
Exploits 0 | References 2
Rockylinux
added 2022/05/17 10:32 p.m., 26 views

gzip security update

An update is available for gzip. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gzip packages contain the gzip GNU zip data compression utility. gzip is use...

CVSS 8.8 | AI score 1.5 | EPSS 0.04062
Exploits 0
NVD
added 2022/05/17 9:15 p.m., 20 views

CVE-2022-1359

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters ../ as part of a filename, the server will save the file where the attacker...

CVSS 7.5 | EPSS 0.00875
Exploits 0 | References 1
OSV
added 2022/05/17 9:15 p.m., 6 views

CVE-2022-1359

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters ../ as part of a filename, the server will save the file where the attacker...

CVSS 7.5 | AI score 5.9 | EPSS 0.00875
Exploits 0 | References 1
Prion
added 2022/05/17 9:15 p.m., 13 views

Path traversal

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters ../ as part of a filename, the server will save the file where the attacker...

CVSS 5 | AI score 8 | EPSS 0.00875
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2022/05/17 8:15 p.m., 4 views

CVE-2022-1359 Cambium Networks cnMaestro Path Traversal

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters ../ as part of a filename, the server will save the file where the attacker...

CVSS 5.7 | AI score 6.8 | EPSS 0.00875
Exploits 0 | References 1
CVE
added 2022/05/17 8:15 p.m., 75 views

CVE-2022-1359

The CVE-2022-1359 entry describes an arbitrary file-write path traversal vulnerability in Cambium Networks cnMaestro On-Premises. An attacker can supply ../ in a filename to write data to arbitrary server files via a restricted pathname in a specific route. This affects On-Premise cnMaestro and c...

CVSS 7.5 | AI score 6.5 | EPSS 0.00875
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/05/17 8:15 p.m., 21 views

CVE-2022-1359 Cambium Networks cnMaestro Path Traversal

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters ../ as part of a filename, the server will save the file where the attacker...

CVSS 5.7 | AI score 7.7 | EPSS 0.00875
Exploits 0 | References 1
OSV
added 2022/05/17 12:15 p.m., 3 views

CVE-2021-42643

cmseasy V7.7.520211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability...

CVSS 8.8 | AI score 7.8
Exploits 0 | References 1
Prion
added 2022/05/17 12:15 p.m., 16 views

Remote code execution

cmseasy V7.7.520211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability...

CVSS 6.5 | AI score 8.9 | EPSS 0.0156
Exploits 1 | References 1 | Affected Software 1
CVE
added 2022/05/17 11:15 a.m., 61 views

CVE-2021-42643

CVE-2021-42643 affects CmsEasy cmseasy v7.7.5_20211012 with an arbitrary file write vulnerability that allows writing a PHP script to the web server and, when accessed, can lead to code execution. This is documented across NVD/NVD-derived pages and CNNVD describing the same issue. The supplied co...

CVSS 8.8 | AI score 8.9 | EPSS 0.0156
Exploits 1 | References 1 | Affected Software 1
OSV
added 2022/05/17 5:25 a.m., 7 views

GHSA-M454-CM7H-RQHH OpenStack Nova Directory traversal vulnerability

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2 and Essex 2012.1, when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element...

CVSS 5.5 | AI score 6.1 | EPSS 0.02997
Exploits 1 | References 8
OSV
added 2022/05/17 3:56 a.m., 4 views

GHSA-W47P-5Q88-HJ5G Path Traversal in Apache Jetspeed

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by...

CVSS 7.2 | AI score 7.3 | EPSS 0.77495
Exploits 5 | References 7
Packet Storm
added 2022/05/17 12:0 a.m., 278 views

OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization

Affected Versions: Version 2.2.0 is affected, and prior versions are likely affected too. - Vulnerabilities Description: Vulnerable component is switching to another tab. To exploit vulnerability, an attacker may send a POST request with application/x-www-form-urlencoded content-type to AJAX...

AI score 9.7 | EPSS 0.32961
Exploits 3
Tenable Nessus
added 2022/05/17 12:0 a.m., 33 views

SUSE SLES12 Security Update : gzip (SUSE-SU-2022:1673-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1673-1 advisory. - CVE-2022-1271: Add hardening for zgrep. bsc1198062 Tenable has extracted the preceding description block directly from the SUSE security...

CVSS 8.8 | AI score 6.8 | EPSS 0.04062
Exploits 0 | References 3
CNNVD
added 2022/05/17 12:0 a.m., 2 views

CmsEasy Path Traversal Vulnerability

CmsEasy is a content management system CMS for creating responsive websites from China's Jiuzhou ET Technology Company. A security vulnerability exists in CmsEasy version 7.7.520211012, which stems from cmseasy being affected by an arbitrary file write vulnerability...

CVSS 8.8 | AI score 8.1 | EPSS 0.0156
Exploits 1 | References 2
Tenable Nessus
added 2022/05/17 12:0 a.m., 17 views

SUSE SLES15 Security Update : gzip (SUSE-SU-2022:1674-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1674-1 advisory. - CVE-2022-1271: Add hardening for zgrep. bsc1198062 Tenable has extracted the preceding description block directly from the SUSE security...

CVSS 8.8 | AI score 6.8 | EPSS 0.04062
Exploits 0 | References 3
Redos
added 2022/05/16 12:0 a.m., 23 views

ROS-20220516-02

A vulnerability in the gzip library is related to errors in file name processing. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files to the system using the zgrep and xzgrep command-line utilities...

CVSS 8.8 | AI score 8.9 | EPSS 0.04062
Exploits 0
Github Security Blog
added 2022/05/14 3:52 a.m., 49 views

Arbitrary file write in Apache Commons Fileupload

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 | AI score 5 | EPSS 0.12666
Exploits 0 | References 15 | Affected Software 1