1458 matches found
Cisco TelePresence Collaboration Endpoint Software Security Vulnerability
Cisco TelePresence Collaboration Endpoint Software is a suite of collaboration endpoint software from Cisco USA. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint and RoomOS Software. An attacker could exploit the vulnerability to overwrite arbitrary files on the system...
Path Traversal
github.com/yi-ge/unzip is vulnerable to path traversal. The vulnerability exists in unzip.go due to improper path sanitization which allows an attacker to overwrite files outside of the target directory...
PT-2023-1108 · Cisco · Cisco Roomos +1
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS (affected versions not specified). Description: The issue is related to inadequate access control in the command-line interface (CLI) of the Cisco TelePresence Collaboration Endpoint CE...
CVE-2022-37903
A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise of the underlying host operating system...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/snapcore/snapd/overlord/snapshotstate/backend is a The snapd and snap tools enable systems to work with .snap files. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. When importing a snapshot...
HCL Technologies HCL Commerce Security Vulnerability
HCL Technologies HCL Commerce is a software platform framework for e-commerce from HCL Technologies, USA. The software includes marketing, sales, customer and order processing functionality in a customizable and integrated package. It is a unified platform that provides the ability to conduct...
CVE-2022-29837
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution...
CVE-2022-34825
Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrit...
NEC Expresscluster X Security Vulnerability
NEC Expresscluster X is a specialized high availability cluster software from Nippon Electric NEC. It is used to enable fast restore functions and continuously protect critical applications and data. A security vulnerability exists in NEC Expresscluster X 5.0 for Windows and prior versions,...
PT-2022-24511 · Hcl · Hcl Workload Automation
Name of the Vulnerable Software and Affected Versions: HCL Workload Automation (affected versions not specified). Description: The issue allows a local user to overwrite key system files, which could cause the system to crash. Recommendations: At the moment, there is no information about a newer...
CVE-2022-40981
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior are vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full...
Archive_Tar: improper filename sanitization leads to file overwrites
A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...
PT-2022-6017 · Cisco · Cisco Sd-Wan
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software (affected versions not specified). Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This issue is d...
CVE-2022-31322
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
Goomph Path Traversal Vulnerability
Goomph is a DiffPlug open source plugin used to build OSGi packages, Eclipse plug-ins and RCP applications. A security vulnerability exists in Goomph versions prior to 3.37.2 that allows a malicious zip file to be written to an arbitrary location on the file system, overwriting certain...
OESA-2022-1875 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files ar...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current rsync Vulnerability (SSA:2022-227-01)
The version of rsync installed on the remote host is prior to 3.2.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-227-01 advisory. - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of...
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
CVE-2022-20913
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator...