8 matches found
CVE-2016-20026
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP...
GHSA-94RR-4JR5-9H2P Apache Ivy does not verify target path when extracting the archive
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to version 2.5.1 doesn't verify the target path when extracting the...
Improper Limitation of a Pathname to a Restricted Directory in WildFly
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability...
wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)
It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution...
wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)
It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution...
CVE-2018-10862
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability...
CVE-2018-10862
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability...
wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)
It was found that the explode function of the deployment utility in jboss-cli and console that allows extraction of files from an archive does not perform necessary validation for directory traversal. This can lead to remote code execution...