CVE-2019-3681

A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that c...

CVE-2019-20851

An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device...

CVE-2020-3241

A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker...

CVE-2020-3236

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

Arbitrary File Write

php-ews/php-ews is vulnerable to arbitrary file write. The vulnerability allows a malicious user to overwrite arbitrary files by sending a message containing an attachment with filename foo/../../../../../etc/passwd...

The vulnerability of the Podman library’s software for managing and starting OCI containers allows a hacker to overwrite existing files.

The vulnerability of the Podman software for managing and starting OCI containers is related to errors in handling symbolic links. Exploiting this vulnerability could allow an attacker to re-write existing files...

CVE-2020-12851

Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders repositories by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in t...

CVE-2020-3237

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction...

CVE-2020-3237

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction...

CVE-2020-3237

The CVE-2020-3237 issue affects Cisco IOx Application Framework within the Cisco IOx application environment. It stems from insufficient path restriction enforcement, enabling an authenticated, local attacker to overwrite arbitrary files in the running virtual instance by including a crafted file...

CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

CVE-2020-12006

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control...

Path traversal

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control...

Cisco Firepower Device Manager On-Box Input Validation Error Vulnerability

Cisco Firepower Device Manager FDM is a firewall device manager from Cisco USA. The product supports access rule configuration, system monitoring, etc. Cisco Firepower Device Manager On-Box software is one of the built-in software. An input validation error vulnerability exists in Cisco FDM On-Bo...

DEBIAN-CVE-2020-10691

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

PYSEC-2020-2

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...

zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c

It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing...

CVE-2020-6225

SAP NetWeaver Knowledge Management, versions KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50, does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs,...

CVE-2020-11705

An issue was discovered in ProVide formerly zFTPServer through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter...