7263 matches found

FreeBSD
added 2022/04/07 12:0 a.m. · 35 views

zgrep -- arbitrary file write

RedHat reports: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

CVSS 8.8 · AI score 2.7 · EPSS 0.04062
Exploits 0 · References 1

CVE
added 2022/04/06 6:13 p.m. · 104 views

CVE-2022-20755

CVE-2022-20755 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). An authenticated, remote attacker with read/write privileges can exploit weaknesses in the API and web-based management interfaces to write arbitrary files or execute code on the underlying OS ...

CVSS 9 · AI score 8 · EPSS 0.03177
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2022/04/04 12:0 a.m. · 5217 views

OpenSSH < 8.0

According to its banner, the version of OpenSSH running on the remote host is prior to 8.0. It is, therefore, affected by the following vulnerabilities: - A permission bypass vulnerability due to improper directory name validation. An unauthenticated, remote attacker can exploit this, with a...

CVSS 6.8 · AI score 7.3 · EPSS 0.58204
Exploits 10 · References 6

OSV
added 2022/03/30 4:15 p.m. · 13 views

CVE-2022-23793

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path...

CVSS 7.5 · AI score 6.7
Exploits 0 · References 2

Positive Technologies
added 2022/03/30 12:0 a.m. · 3 views

PT-2022-6761 · Jszip +1

Name of the Vulnerable Software and Affected Versions: JSZip versions prior to 3.8.0 Description: The issue is related to the loadAsync function in JSZip, which allows directory traversal via a crafted ZIP archive. This can be exploited by a remote attacker to write arbitrary files and execute...

CVSS 7.5 · AI score 9.1 · EPSS 0.01411
Exploits 0 · References 21

Vulnrichment
added 2022/03/29 4:37 p.m. · 5 views

CVE-2022-25347 Delta Electronics DIAEnergie Path Traversal

Delta Electronics DIAEnergie: all versions prior to 1.8.02.004 are vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system...

CVSS 9.8 · AI score 9.4 · EPSS 0.11124
Exploits 0 · References 1

OSV
added 2022/03/25 11:15 p.m. · 1 views

DEBIAN-CVE-2022-22995

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code...

CVSS 9.8 · AI score 7.5 · EPSS 0.02656
Exploits 0 · References 1

OSV
added 2022/03/25 11:15 p.m. · 1 views

UBUNTU-CVE-2022-22995

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code...

CVSS 10 · AI score 7.5 · EPSS 0.02656
Exploits 0 · References 6

CNNVD
added 2022/03/22 12:0 a.m. · 5 views

Delta Electronics DIAEnergie Path Traversal Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A path traversal...

CVSS 9.8 · AI score 5.8 · EPSS 0.11124
Exploits 0 · References 5

OSV
added 2022/03/20 10:15 p.m. · 40 views

CVE-2021-39384

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 1

NVD
added 2022/03/20 10:15 p.m. · 30 views

CVE-2021-39384

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java...

CVSS 9.8 · EPSS 0.01195
Exploits 1 · References 1

Cvelist
added 2022/03/20 9:12 p.m. · 15 views

CVE-2021-39384

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java...

AI score 9.8 · EPSS 0.01195
Exploits 1 · References 1

CVE
added 2022/03/20 9:12 p.m. · 82 views

CVE-2021-39384

CVE-2021-39384 : DWSurvey v3.2.0 contains an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. This is the root cause described in the CVE entry. CVSS metrics indicate a high-severity issue (CVSSv3.1 base score 9.8, CRITICAL) with NETWORK attack vector, no authentica...

CVSS 9.8 · AI score 9.6 · EPSS 0.01195
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2022/03/20 12:0 a.m. · 3 views

DWSurvey Code Issue Vulnerability

DWSurvey is a survey system written in Java. DWSurvey v3.2.0 has a security vulnerability that allows an attacker to write arbitrary files via the component /utils/ToHtmlServlet.java...

CVSS 9.8 · AI score 8.3 · EPSS 0.01195
Exploits 1 · References 2

Github Security Blog
added 2022/03/18 5:40 p.m. · 31 views

Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...

CVSS 5.3 · AI score 2.6 · EPSS 0.01038
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/03/18 5:40 p.m. · 23 views

GHSA-VW83-H3MQ-3QWJ Path Traversal in Spring-integration-zip

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...

CVSS 5.3 · AI score 4.5 · EPSS 0.01038
Exploits 0 · References 2

OSV
added 2022/03/14 3:15 p.m. · 2 views

CVE-2021-25003

The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE...

CVSS 9.8 · AI score 5.8 · EPSS 0.56148
Exploits 3 · References 1

CNNVD
added 2022/03/14 12:0 a.m. · 4 views

WordPress plugin WPCargo Track & Trace Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

CVSS 9.8 · AI score 8.6 · EPSS 0.56148
Exploits 3 · References 2

OSV
added 2022/03/11 12:2 a.m. · 1 views

GHSA-727H-HRW8-JG8Q Path traversal in org.postgresql:postgresql

In pgjdbc before 42.3.3, an attacker who controls the jdbc URL or properties can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat...

CVSS 9.8 · AI score 7.2 · EPSS 0.02928
Exploits 0 · References 7

Github Security Blog
added 2022/03/10 10:7 p.m. · 40 views

Arbitrary file write in nats-server

This document is canonically: Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. JetStream is the optional RAFT-based resilient persistent feature of NATS. Problem Description The JetStream...

CVSS 6.5 · AI score 0.1 · EPSS 0.02251
Exploits 0 · References 9 · Affected Software 2