20 matches found
CVE-2026-32146
Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...
EUVD-2018-0085
Malware in sbrugna...
EUVD-2015-1205
Malware in sbrugna...
Copier's safe template has arbitrary filesystem read/write access
Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...
CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...
CVE-2018-1002150
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...
GNU Wget FTP Symlink Arbitrary Filesystem Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GNU Wget FTP Symlink Arbitrary Filesystem Access', 'Description' = %q This module exploits a vulnerability in Wget when used in recursive -r mode...
CVE-2022-24897 Arbitrary filesystem write access from Velocity
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...
[ASA-202101-41] jenkins: multiple issues
Arch Linux Security Advisory ASA-202101-41 ========================================== Severity: High Date : 2021-01-20 CVE-ID : CVE-2021-21602 CVE-2021-21603 CVE-2021-21604 CVE-2021-21605 CVE-2021-21606 CVE-2021-21607 CVE-2021-21608 CVE-2021-21609 CVE-2021-21610 CVE-2021-21611 Package : jenkins...
[ASA-202009-2] ark: arbitrary filesystem access
Arch Linux Security Advisory ASA-202009-2 ========================================= Severity: High Date : 2020-09-03 CVE-ID : CVE-2020-24654 Package : ark Type : arbitrary filesystem access Remote : No Link : https://security.archlinux.org/AVG-1216 Summary ======= The package ark before version...
[ASA-201911-6] samba: multiple issues
Arch Linux Security Advisory ASA-201911-6 ========================================= Severity: Medium Date : 2019-11-03 CVE-ID : CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 Package : samba Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1057 Summary ======= The packa...
[ASA-201807-14] jenkins: multiple issues
Arch Linux Security Advisory ASA-201807-14 ========================================== Severity: High Date : 2018-07-21 CVE-ID : CVE-2018-1999001 CVE-2018-1999002 CVE-2018-1999003 CVE-2018-1999004 CVE-2018-1999005 CVE-2018-1999006 CVE-2018-1999007 Package : jenkins Type : multiple issues Remote :...
[ASA-201712-2] cacti: multiple issues
Arch Linux Security Advisory ASA-201712-2 ========================================= Severity: High Date : 2017-12-02 CVE-ID : CVE-2017-16641 CVE-2017-16660 CVE-2017-16661 CVE-2017-16785 Package : cacti Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-537 Summary =====...
[ASA-201708-7] mercurial: multiple issues
Arch Linux Security Advisory ASA-201708-7 ========================================= Severity: Critical Date : 2017-08-12 CVE-ID : CVE-2017-1000115 CVE-2017-1000116 Package : mercurial Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-378 Summary ======= The package...
webkit2gtk: multiple issues
CVE-2016-4590 same-origin policy bypass xisigr of Tencents Xuanwu Lab discovered a vulnerability in the way webkit handles URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - CVE-2016-4591 arbitrary filesystem access ma.la of LINE Corporation discoveered...
SUSE: Security Advisory for wget (SUSE-SU-2014:1366-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES11 Security Update : wget (SUSE-SU-2014:1366-2)
wget was updated to fix one security issue and two non-security issues : - FTP symbolic link arbitrary filesystem access CVE-2014-4877. - Fix displaying of download time bnc901276. - Fix 0 size FTP downloads after failure bnc885069. Note that Tenable Network Security has extracted the preceding...
GNU Wget FTP Symlink Arbitrary Filesystem Access Exploit
This module exploits a vulnerability in Wget when used in recursive -r mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGETDATA option. Tested successfully with...
wget security update
1.14-10.1 - Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access 1156135...
IRM Security Advisory 9
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- IRM Security Advisory No. 009 RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities Vulnerablity Type / Importance: Network Subversion, Open Proxy, Brute-For...