Arbitrary File Write With Null Byte In File Name

The DiskFileItem class in Apache Commons FileUpload allows remote attackers to write to arbitrary files via a NULL byte in a file name when it is deserialized. This vulnerability first requires the application using this library to be deserializing untrusted data...

Arbitrary File Write

jbossweb is vulnerable to arbitrary file write attacks. The vulnerability exists as the readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...

Arbitrary File Write

sssd is vulnerable to arbitrary file write attacks. The vulnerability exists as System Security Services Daemon SSSD before 1.9.4, when 1 creating, 2 copying, or 3 removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another...

CVE-2018-1000406

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an...

OpenSSH SCP Client - Write Arbitrary Files

OpenSSH SCP Client - Write Arbitrary Files ''' Title: SSHtranger Things Author: Mark E. Haase Homepage: https://www.hyperiongray.com Date: 2019-01-17 CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS,...

Jenkins path traversal vulnerability (CNVD-2019-01085)

CloudBees Jenkins formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor continuous software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins a long-ter...

CVE-2018-1000406

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an...

CVE-2018-1000406

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an...

Path traversal

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an...

CVE-2018-1000406

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an...

CVE-2018-1000406

CVE-2018-1000406 documents a path traversal vulnerability in Jenkins 2.145 and earlier (including LTS 2.138.1 and earlier) in file handling code located at core/src/main/java/hudson/model/FileParameterValue.java. An attacker with Job/Configure permission can define a file parameter whose name esc...

EUVD-2022-2226

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an...

YUNUCMS cross-site scripting vulnerability (CNVD-2019-00565)

YUNUCMS is China Yunyou YUNU network technology company of a set of open source enterprise station building content management system CMS. YUNUCMS1.1.8 version of the app/admin/controller/System.php file there is a cross-site scripting vulnerability , a remote attacker can write to the sys.php fi...

Directory traversal

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

CVE-2019-3580

OpenRefine (up to version 3.1) is affected by CVE-2019-3580: during import of a crafted project file, a directory traversal flaw allows arbitrary file write. The description consistently states this vulnerability exists in OpenRefine 3.1 and earlier, caused by directory traversal in the import pr...

Fedora 28 : ant (2018-cba3ccd747)

Backport fix for arbitrary file write vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 28 : plexus-archiver (2018-7a9a2f6ec0)

Security fix: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file CVE-2018-1002200 A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attack...