DEBIAN-CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected...
UnRAR Path Traversal Vulnerability
UnRAR is a command that decompresses files with a .rar suffix. A directory traversal vulnerability exists in versions of RARLAB UnRAR prior to 6.12. The vulnerability stems from a lack of validity checks on paths when processing directory requests, and can be exploited by attackers to write files...
CVE-2022-23160
Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. A remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files...
CVE-2022-20754
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...
CVE-2020-15388
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files...
CVE-2022-20755
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...
CVE-2022-25299
CVE-2022-25299 affects the cesanta/mongoose package before 7.6. The root cause is unsafe handling of file names during upload via mg_http_upload(), which may allow attackers to write files to arbitrary locations outside the designated target folder. No remediation details are provided in the conn...
Identifier Withdrawn
IBM Planning Analytics is an integrated planning solution that uses echarts data visualization, AI to automate planning, budgeting and forecasting, and drive smarter workflows. IBM Planning Analytics suffers from a path traversal vulnerability that allows all control requests to be submitted in a...
Jenkins Warnings Next Generation Path Traversal Vulnerability
Jenkins Warnings Next Generation is an open source plugin for Jenkins. The plugin collects compiler warnings and issues reported by static analysis tools and visualizes the results. A security vulnerability exists in the Jenkins Warnings Next Generation Plugin that allows an attacke...
Apache James Path Traversal Vulnerability
Apache James is an open source SMTP and POP3 mail transfer agent and NNTP news server written entirely in Java by the Apache Foundation. Apache James in version 3.6.1 contains a path traversal vulnerability that stems from a failure of a networked system or product to properly filter special...
CVE-2021-35244
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution...
jenkins: Creating symbolic links is possible without the symlink permission
A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless of whether they had the symlink permission. It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system...
Vulnerabilities fixed in Siemens SIMATIC WINCC
Siemens has fixed vulnerabilities in WinCC. An authenticated malicious person could exploit the vulnerabilities to execute a "Path Traversal" and thus appropriate elevated privileges, read and write arbitrary files, and thereby manipulate data and/or gain access to...
Atlassian Confluence Server and Data Center Path Traversal Vulnerability
Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution...
CVE-2021-34762
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...
CVE-2021-38477
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...
Ecoa Technologies Corp ECOA BAS Controller Path Traversal Vulnerability
ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to arbitrary file uploads, which can be exploited to send specially crafted URL requests to the /upload URI with the file name and rbt parameters containing the "dot"...
CVE-2021-3806
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system...
Path traversal
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system...
CVE-2021-3806
CVE-2021-3806 describes a path traversal vulnerability in Pardus Software Center’s extractArchive function. An attacker on the same network could leverage this to perform a man-in-the-middle and write files on the system. Reported across multiple sources (NVD entry, CVE listings, and PT-Security ...