7217 matches found
Path traversal
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal...
CVE-2018-1263
CVE-2018-1263 affects spring-integration-zip (prior to 1.0.2 per initial, with later references noting fixes up to 1.0.4). The flaw is a path-traversal during archive extraction, where filenames are concatenated to the target directory, allowing an arbitrary file write outside the intended folder...
Pivotal Spring-integration-zip Arbitrary File Write Vulnerability
Pivotal Spring-integration-zip is a compression/decompression component used in Spring, from Pivotal Software, Inc. (U.S.). An arbitrary file write vulnerability exists in Pivotal Spring-integration-zip versions prior to 1.0.1. The vulnerability can be exploited to write arbitrary files with a...
Arbitrary File Write
spring-integration-zip is vulnerable to arbitrary file write. The library is missing a path check during the unzipping process, allowing a malicious user to pass a file path outside the intended directory, which can then be used to write arbitrary files within a user application. This vulnerabili...
Path traversal
Spring-integration-zip versions prior to 1.0.1 expose an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to th...
CVE-2018-1261
Spring-integration-zip versions prior to 1.0.1 expose an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to th...
CVE-2018-1261
Spring-integration-zip versions prior to 1.0.1 expose an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to th...
CVE-2018-1261
The CVE-2018-1261 entry concerns spring-integration-zip. Affected component: spring-integration-zip prior to version 1.0.1. Vulnerability: arbitrary file write via path traversal in zip archives (including nested formats like zip, tar, 7z, etc.) when a crafted filename is concatenated to the targ...
CVE-2018-1261
Spring-integration-zip versions prior to 1.0.1 expose an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to th...
Arbitrary File Write
spring-integration-zip is vulnerable to arbitrary file write attacks. The vulnerability exists due to the lack of sanitization of the filename, allowing path-traversal filenames to exist and write to arbitrary file locations during the unzipping process...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: org.springframework.integration:spring-integration-zip provides Zip uncompression support. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction, AKA "Zip Slip". It is exploited using a specially crafted zip archive that holds path traversal...
Arbitrary File Write
plexus-archive is vulnerable to arbitrary file write. The application does not properly handle the filename, allowing a malicious user to pass an archive file that can be extracted to an arbitrary directory on the system...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). Details: It is exploited using a specially crafted zip archive that holds path traversal filenames. When...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: org.apache.storm:storm-server is a distributed realtime computation system. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). Details: It is exploited using a specially crafted zip archive that holds path traversal filenames. When...
Multiple F5 Products Arbitrary File Write Vulnerability
F5 BIG-IP LTM, etc. are products of F5 Corporation, U.S.A. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A security vulnerability exists in several F5 products. An attacker can exploit the vulnerability to perform a write operation to an arbitrary fi...
CVE-2018-5519
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allo...
CVE-2013-0159
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg...
Arbitrary File Write Vulnerability in CoverCMS v1.1.7
Shanghai Raging Wolf Network Technology Co., Ltd. is committed to the development of mobile Internet, enterprise websites and e-commerce websites. An arbitrary file write vulnerability exists in CoverCMS v1.1.7 because the product does not filter the file name and content of the file to be written,...
Arbitrary File Write Vulnerability in phpComasy CMS System
phpComasy CMS is a foreign open source content management system that is simple, fast and scalable, making it the ideal system for small and medium-sized websites. The phpComasy CMS system suffers from an arbitrary file write vulnerability. An attacker can exploit the vulnerability to write a malicious file a...
CVE-2017-18261
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel, before 4.13, allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrac...