7218 matches found
Arbitrary File Write
dependency-check-core is vulnerable to arbitrary file write. The vulnerability exists due to improper checking of the extracted file path, allowing arbitrary file writes...
CVE-2018-12046
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...
Design/Logic Flaw
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...
CVE-2018-12046
The CVE-2018-12046 entry concerns DedeCMS up to version 5.7SP2. A flaw in dede/file_manage_control.php allows arbitrary file write via a request to dede/file_manage_view.php?fmdo=newfile, passing name and str parameters to write a new PHP file. This is the stated vulnerability and impact in the p...
DedeCMS Arbitrary File Write Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is an open-source PHP website content management system (CMS) from China's Zhuozhuo network Desdev Technology Co., Ltd., used for content publishing, editing, management and retrieval. A security vulnerability exists in the file...
CVE-2018-12036
CVE-2018-12036 affects OWASP Dependency-Check prior to 3.2.0. The issue allows an attacker to write to arbitrary files by processing a crafted archive that contains directory traversal filenames, enabling arbitrary file writes. This is caused by unsafe extraction paths in the affected component. ...
CVE-2018-12036
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...
Arbitrary File Write
github.com/mholt/archiver is vulnerable to arbitrary file write. The library does not properly sanitize the destination filepath when extracting archived files, allowing a malicious user to extract files to an arbitrary filepath and overwrite files...
Arbitrary File Write
unzipper is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
zip4j is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
orientdb is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
adm-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
concourse-driver-java is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during zip file extraction, allowing a malicious user to control the write destination and overwrite files...
Arbitrary File Write
SonarQube is vulnerable to zip slip. The vulnerability exists when an attacker supplies a malicious zip archive whose filenames include path traversal sequences such as dot dot (..), so that the concatenated file path resolves to a location outside of the destination folder...
Arbitrary File Write
zt-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Apache Storm Arbitrary File Write Vulnerability
Apache Storm is a free, open-source distributed real-time computing system from the Apache Software Foundation (United States), developed in the Clojure concurrent programming language. An arbitrary file write vulnerability exists in Apache Storm versions 1.0.6 and earlier and 1.2.1 and...
cgminer and bfgminer absolute directory traversal vulnerability
Both cgminer and bfgminer are bitcoin mining software. A path traversal vulnerability exists in the remote management interface in cgminer version 4.10.0 and bfgminer version 5.5.0. A remote attacker could exploit this vulnerability to write a mining machine configuration file to an arbitrary...
CVE-2018-8008
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So...