MINI-MPXJ-CGVW-69CG

Bulletin has no description...

EUVD-2020-1501

Malware in sbrugna...

EUVD-2022-0160

Malicious code in bioql PyPI...

EUVD-2024-3068

Malicious code in bioql PyPI...

CVE-2022-41954

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

CVE-2020-25020

MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components...

Path Traversal

net.sf.mpxj, mpxj is vulnerable to Path Traversal. The vulnerability is due to an incomplete patch for CVE-2020-35460, which still allows the construction of malicious paths to write files to arbitrary locations...

GHSA-J945-C44V-97G6 MPXJ has a Potential Path Traversal Vulnerability

Impact The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. Patches The issue is addressed i...

MPXJ has a Potential Path Traversal Vulnerability

Impact The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. Patches The issue is addressed i...

CVE-2024-49771

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by t...

CVE-2024-49771 MPXJ has a Potential Path Traversal Vulnerability

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by t...

CVE-2024-49771 MPXJ has a Potential Path Traversal Vulnerability

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by t...

CVE-2024-49771

CVE-2024-49771 affects the MPXJ library (used to read/write project plans). The issue is a path traversal vulnerability in the ZIP stream handling (InputStreamHelper/Packwood MPXJ code) that could allow writing files to arbitrary locations. It is addressed in MPXJ version 13.5.1. No exploitation ...

CVE-2024-49771 MPXJ has a Potential Path Traversal Vulnerability

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by t...

MPXJ has a Potential Path Traversal Vulnerability

Impact The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. Patches The issue is addressed i...

MPXJ 路径遍历漏洞

MPXJ is an open source library by Jon Iles Personal Developer. It is used to read and write project plans from various file formats and databases. MPXJ suffers from a path traversal vulnerability that stems from allowing an attacker to construct malicious paths to write files to arbitrary locatio...

PT-2024-33680 · Mpxj · Mpxj

Name of the Vulnerable Software and Affected Versions: MPXJ versions prior to 13.5.1 Description: The patch for a historical issue in MPXJ is incomplete, allowing a malicious path to be constructed that could enable files to be written to arbitrary locations. Recommendations: For versions prior t...

Information Disclosure

mpxj is vulnerable to information disclosure. A local authenticated attacker is able to read the contents of temporary files or directories when File.createTempFile.. is used to create those files, resulting in disclosure of sensitive information...

GHSA-JF2P-4GQJ-849G Temporary File Information Disclosure vulnerability in MPXJ

Impact On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file...