EUVD-2020-1501

Malware in sbrugna...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

MPXJ path Traversal vulnerability

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

GHSA-P9J6-4PJR-GP48 MPXJ path Traversal vulnerability

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

Arbitrary File Write

Packwood MPXJ is vulnerable to arbitrary file write. The vulnerability exists because it does not properly validate the path from inputStream, leading to the writing of files outside of the target directory...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

Directory traversal

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

CVE-2020-35460

CVE-2020-35460 : In MPXJ (Packwood), the InputStreamHelper.java component allows directory traversal in the zip stream handler flow, enabling writing files to arbitrary locations. This is due to insufficient validation of pathnames in the traversal path. Affected file/component: common/InputStrea...

CVE-2020-35460

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations...

PT-2020-5496 · Packwood · Mpxj

Name of the Vulnerable Software and Affected Versions: Packwood MPXJ versions prior to 8.3.5 Description: The issue exists due to incorrect restriction of the directory path name in the common/InputStreamHelper.java library of MPXJ, allowing a remote attacker to write files to arbitrary locations...

Packwood MPXJ Path Traversal Vulnerability

Packwood MPXJ is a tool from Packwood that supports multiple programming languages for processing project information.MPXJ supports a variety of data formats: Microsoft Project Exchange MPX, Microsoft Project MPP, MPT, Microsoft Project Data Exchange MSPDI XML, Microsoft Project Database MPD,...