High severity vulnerability that affects org.apache.syncope:syncope-core

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations XSLT to perform malicious operations, including but not limited to file read, file write, and code execution...

GHSA-QFJV-998W-Q48F Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution...

CVE-2018-17186

CVE-2018-17186 affects Apache Syncope (admin/workflow entitlements) where XML External Entity (XXE) via DTD in workflow definitions allows an attacker to read/write files and execute code. Multiple sources (CNVD/NVD/OSV/Veracode/GHSA) describe the vulnerability as involving DTD processing to perf...

CVE-2018-17186

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution...

CVE-2018-17186

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution...

LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions

LibreHealth 2.0.0 - Authenticated Arbitrary File Actions Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Date: 2018-10-19 Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP,...

glusterfs: Device files can be created in arbitrary locations

A flaw was found in RPC request using gfs3mknodreq supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node...

rubyzip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

A directory and symbolic link traversal flaw was found in the way rubyzip gem extracts zip files. An attacker, with access to a privileged application capable of extracting zip files, could use this flaw to write new files to arbitrary paths, accessible by the aforementioned privileged applicatio...

Advantech WebAccess WADashboard API Path Traversal Vulnerability

Advantech WebAccess is a set of HMI/SCADA software based on browser architecture from Advantech. The software supports dynamic graphical displays and real-time data control, and provides remote control and management of automation devices.WADashboard API is one of the dashboard API components. A...

Arbitrary File Write

ms-mcms is vulnerable to arbitrary file write attacks. The vulnerability exists in com/mingsoft/cms/action/GeneraterAction.java where the value of the url parameter could be used to specify arbitrary .jsp files to be written...

CVE-2018-18831

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file in the position parameter to an arbitrary directory via a ../ Directory Traversal in the url parameter...

ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write

ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service PoC Author: John Page aka hyp3rlinx Date: 2018-10-23 Vendor: www.serverscheck.com Software Link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe...

ServersCheck Monitoring Software 14.3.3 Arbitrary File Write / DoS

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo B. Vendor www.serverscheck.com Product...

ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write

Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service PoC Author: John Page aka hyp3rlinx Date: 2018-10-23 Vendor: www.serverscheck.com Software Link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe CVE: N/A References:...

GHSA-M9JM-RHRM-GCXJ Path traversal in org.springframework.integration:spring-integration-zip

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

Path traversal in org.springframework.integration:spring-integration-zip

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

GHSA-898J-5CC8-CMF5 ZipSlip in org.apache.storm:storm-core

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

FreeBSD : jenkins -- multiple vulnerabilities (3350275d-cd5a-11e8-a7be-3497f683cb16)

Jenkins Security Advisory : DescriptionLow SECURITY-867 Path traversal vulnerability in Stapler allowed accessing internal data Medium SECURITY-1074 Arbitrary file write vulnerability using file parameter definitions Medium SECURITY-1129 Reflected XSS vulnerability Medium SECURITY-1162 Ephemeral...

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Low SECURITY-867 Path traversal vulnerability in Stapler allowed accessing internal data Medium SECURITY-1074 Arbitrary file write vulnerability using file parameter definitions Medium SECURITY-1129 Reflected XSS vulnerability Medium SECURITY-1162 Ephemeral...

Security update for ghostscript (important)

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...