
7250 matches found

Node.js
added 2019/12/11 8:44 p.m. | 15 views

Arbitrary File Write

Overview: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create...

6.8 AI score
Exploits: 0 | Affected Software: 1

Snyk
added 2019/12/11 3:29 p.m. | 1 view

Arbitrary File Write

Overview: yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys. Existing files could be...

7.8 CVSS | 7.4 AI score | 0.01505 EPSS
Exploits: 1 | References: 2

Snyk
added 2019/12/11 3:29 p.m. | 1 view

Arbitrary File Write

Overview: @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys. Existing files coul...

7.8 CVSS | 7.4 AI score | 0.01505 EPSS
Exploits: 1 | References: 2

Symantec
added 2019/12/11 12:0 a.m. | 63 views

npm CLI CVE-2019-16776 Arbitrary File Write Vulnerability

Description: npm CLI is prone to an arbitrary file-write vulnerability. Successful exploits may allow an attacker to gain access or perform unauthorized actions on arbitrary files on the affected system. Versions prior to npm 6.13.3 are vulnerable. Technologies Affected: Oracle GraalVM Enterprise...

5.5 CVSS | 0.8 AI score | 0.03342 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Node.js
added 2019/12/09 10:20 p.m. | 21 views

Arbitrary File Write

Overview: Versions of bin-links prior to 1.1.5 are vulnerable to an Arbitrary File Write. The package fails to restrict access to folders outside of the intended node_modules folder through the bin field. This allows attackers to create arbitrary files in the system. Note it is not possible to...

6.9 AI score
Exploits: 0 | Affected Software: 1

NVD
added 2019/12/03 8:15 p.m. | 19 views

CVE-2019-19459

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...

9.8 CVSS | 7.3 AI score | 0.03508 EPSS
Exploits: 3 | References: 2

CNVD
added 2019/12/03 12:0 a.m. | 3 views

SALTO ProAccess SPACE Arbitrary File Write Vulnerability

Salto Systems ProAccess SPACE is a web-based access control management tool from Salto Systems, Spain. A security vulnerability exists in Salto Systems ProAccess SPACE version 5.4.3.0. An attacker can exploit the vulnerability to write arbitrary files...

9.8 CVSS | 7 AI score | 0.03508 EPSS
Exploits: 3 | References: 1

BDU FSTEC
added 2019/12/03 12:0 a.m. | 4 views

The vulnerability of the Skia library used by browsers such as Firefox ESR, Firefox, and Google Chrome allows a malicious actor to write arbitrary files to the device’s file system.

The vulnerability of the Skia library used by browsers such as Firefox ESR, Firefox, and Google Chrome relates to writing beyond the buffer boundaries of memory. Exploiting this vulnerability allows a malicious actor to write arbitrary files into the device’s file system remotely...

10 CVSS | 8 AI score | 0.07666 EPSS
Exploits: 1 | References: 13 | Affected Software: 4

BDU FSTEC
added 2019/12/03 12:0 a.m. | 3 views

The vulnerability of the command-line interface (CLI) of the microprogramming software for Cisco TelePresence Collaboration Endpoint devices allows a hacker to write arbitrary files into the root directory.

The vulnerability of the command-line interface CLI of the Cisco TelePresence Collaboration Endpoint CE device’s management software is related to improper handling of permissions. Exploiting this vulnerability could allow an attacker to write arbitrary files into the root directory...

6.6 CVSS | 5.6 AI score | 0.00256 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

0day.today
added 2019/12/03 12:0 a.m. | 458 views

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass Vulnerabilities

SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vulnerabilities. ======================================================================= title:...

0.4 AI score | 0.03508 EPSS
Exploits: 6

OSV
added 2019/12/02 6:15 p.m. | 2 views

DEBIAN-CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile...

8.6 CVSS | 7.6 AI score | 0.04923 EPSS
Exploits: 0 | References: 1

Prion
added 2019/12/02 6:15 p.m. | 22 views

Path traversal

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile...

8.5 CVSS | 7.2 AI score | 0.04923 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2019/12/02 6:6 p.m. | 58 views

Arbitrary File Write in iobroker.js-controller

Versions of iobroker.controller prior to 2.0.25 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended /adapter/ folder, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to perform the...

7.5 CVSS | 4.8 AI score | 0.02158 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Packet Storm
added 2019/12/02 12:0 a.m. | 275 views

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SALTO ProAccess SPACE vulnerable version: = v5.6 CVE number: CVE-2019-19457, CVE-2019-19458, CVE-2019-19459, CVE-2019-19460...

0.4 AI score | 0.03508 EPSS
Exploits: 6

Node.js
added 2019/11/27 3:53 p.m. | 19 views

Arbitrary File Write

Overview: Versions of iobroker.admin prior to 3.6.12 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended folder in the /log/ route, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated t...

7.5 CVSS | 4 AI score | 0.01714 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2019/11/20 12:0 a.m. | 77 views

RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

7.5 CVSS | 6.8 AI score | 0.25939 EPSS
Exploits: 2 | References: 6

RedHat Linux
added 2019/11/18 4:23 p.m. | 2 views

kubernetes: `kubectl cp` allows for arbitrary file write via double symlinks

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

5.7 CVSS | 6.9 AI score | 0.02308 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2019/11/14 9:17 p.m. | 2 views

hadoop: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file...

8.8 CVSS | 7.4 AI score | 0.07577 EPSS
Exploits: 1 | References: 4

OSV
added 2019/11/14 4:58 p.m. | 8 views

MGASA-2019-0326 Updated cpio packages fix security vulnerabilities

in cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive CVE-2015-1197. Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege...

7.3 CVSS | 6.3 AI score | 0.02906 EPSS
Exploits: 5 | References: 3

Prion
added 2019/11/13 3:15 p.m. | 11 views

Design/Logic Flaw

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...

8.5 CVSS | 8.9 AI score | 0.05436 EPSS
Exploits: 3 | References: 2 | Affected Software: 1