WAGO e!COCKPIT File Path Input Validation Error Vulnerability

WAGO e!COCKPIT is a set of integrated development environment software from the German company WAGO. The software is mainly used for hardware configuration, programming and simulation. A security vulnerability exists in the firmware update function of WAGO e!COCKPIT v1.6.0.7, which is caused by...

Command Execution Vulnerability in CICMS in***.php File

CICMS is developed by PHP+MySQL, based on CodeIgniter framework, the source code is all open, and the main enterprise building site. CICMSin.php file has a command execution vulnerability. An attacker can exploit the vulnerability to write any php file and obtain the administrative privileges of...

CVE-2019-5159

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

CVE-2020-2139

The CVE concerns Jenkins Cobertura Plugin versions 1.15 and earlier, where an arbitrary file write vulnerability lets attackers who can control the coverage report file contents overwrite arbitrary files on the Jenkins master filesystem. The root cause is the plugin’s path handling not preventing...

CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability (cisco-sa-20200226-fxos-cli-file)

According to its self-reported version, Cisco Firepower Extensible Operating System FXOS is affected by an arbitrary file read and write vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, via crafted arguments on a specific CLI comman...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/artdarek/go-unzip is a package go-unzip provides a very simple library to extract zip archive Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during extraction due to no validation and...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/yi-ge/unzip is a Golang .zip decompress package. This package is a fork from https://github.com/artdarek/go-unzip with added support for Symlinks. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is...

CVE-2019-3696

A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise...

Arbitrary File Write

decompress is vulnerable to path traversal. The vulnerability exists due to a zip slip vulnerability. Improper handling of archives containing files that has ../ in its names allows the files to be written out of the intended path...

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview madnest/madzipper is a Wannabe successor of Chumper/Zipper package for Laravel. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during extraction due to no validation and sanitization of filenames. P...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview chumper/zipper is a little neat helper for the ZipArchive methods with handy functions. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during extraction due to no validation and sanitization of...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview dariusiii/zipper is a Simple Wrapper around the ZipArchive methods with some handy functions. This package is an updated fork of Chumper/Zipper. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during...

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...