131 matches found
Arbitrary File Writing
DotNetZip.Semverd is vulnerable to arbitrary file writing aka zip-slip vulnerability. The vulnerability is possible because it does not check that the relative paths in a zip file don't go outside of the target directory...
CVE-2018-1103
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command...
CVE-2016-5294
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird 45.5, Firefox ESR...
Arbitrary File Write
zip4j is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Arbitrary File Write
zt-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory...
Directory Traversal
guaycuru is vulnerable to directory traversal. A malicious user can prepend /..%2f..%2f in a directory string to disclose the files in a target directory...
ColdUserGroup 1.06 - Blind SQL Injection
ColdUserGroup 1.06 - Blind SQL Injection !/usr/bin/python ColdGen - coldusergroup v1.06 0day Remote Blind SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purpose...
Echo out WebShell-vulnerability warning-the black bar safety net
On a side note process, you can execute the cmd without permission and relatively low in the case, sometimes you can use this method to help you down the target Station. Command format The Echo statement the target Station absolute directory For example: echo ^^%execute request"0"%^...
Hyper Estraier directory traversal/denial of service vulnerability
Overview Hyper Estraier, a full text search system, contains a vulnerability in the process of creating index files. Impact If a remote attacker sends a specially crafted file and a user saves it in a search target directory, the attacker could register a file not to be searched in an index when...
USN-191-1: unzip vulnerability
Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user...
AOL Instant Messenger 4.x - Arbitrary File Creation
AOL Instant Messenger 4.x - Arbitrary File Creation source: https://www.securityfocus.com/bid/4526/info An issue has been reported, which could allow an AIM user to save files to arbitrary locations. Reportedly, this is achievable when a direct connection is made between two AIM users. Files that...