Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.
Max CVSS
9.6
EPSS Score
0.33%
Published
2024-02-05
Updated
2024-02-29
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
Max CVSS
9.1
EPSS Score
0.06%
Published
2023-08-04
Updated
2023-08-10
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.
Max CVSS
9.6
EPSS Score
0.08%
Published
2023-02-09
Updated
2023-02-16
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
Max CVSS
9.9
EPSS Score
0.05%
Published
2023-11-10
Updated
2024-01-21
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
Max CVSS
9.8
EPSS Score
0.33%
Published
2022-08-25
Updated
2022-08-31
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
Max CVSS
9.1
EPSS Score
0.10%
Published
2022-09-23
Updated
2022-09-26
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
Max CVSS
10.0
EPSS Score
0.66%
Published
2022-03-25
Updated
2024-01-04
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
Max CVSS
9.0
EPSS Score
0.15%
Published
2022-04-15
Updated
2024-03-04
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
Max CVSS
9.1
EPSS Score
0.09%
Published
2021-08-11
Updated
2021-08-12
bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, he may be able to read arbitrary system files the parent process has permissions to read. For more details including a PoC see the referenced GHSL-2020-258.
Max CVSS
9.1
EPSS Score
0.27%
Published
2021-08-16
Updated
2022-07-02
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Max CVSS
9.8
EPSS Score
0.24%
Published
2021-11-04
Updated
2023-11-22
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.
Max CVSS
9.8
EPSS Score
0.38%
Published
2022-12-12
Updated
2023-01-17
An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges.
Max CVSS
9.8
EPSS Score
0.22%
Published
2020-12-28
Updated
2021-07-21
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
Max CVSS
9.0
EPSS Score
0.10%
Published
2020-07-24
Updated
2020-08-05
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020).
Max CVSS
9.1
EPSS Score
0.08%
Published
2020-06-04
Updated
2020-06-07
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.
Max CVSS
9.0
EPSS Score
0.10%
Published
2020-06-30
Updated
2020-07-08
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
Max CVSS
9.8
EPSS Score
0.62%
Published
2020-04-26
Updated
2021-07-21
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write.
Max CVSS
10.0
EPSS Score
0.41%
Published
2020-07-17
Updated
2021-10-05
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation.
Max CVSS
9.8
EPSS Score
0.29%
Published
2020-07-17
Updated
2020-07-22
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
Max CVSS
9.3
EPSS Score
0.54%
Published
2020-01-21
Updated
2023-01-27
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.
Max CVSS
9.0
EPSS Score
0.24%
Published
2020-04-14
Updated
2020-04-14
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.
Max CVSS
9.8
EPSS Score
0.22%
Published
2019-11-12
Updated
2019-11-14
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.
Max CVSS
9.3
EPSS Score
0.19%
Published
2019-07-26
Updated
2020-08-24
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.
Max CVSS
9.0
EPSS Score
1.70%
Published
2019-05-23
Updated
2019-05-29
This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions.
Max CVSS
9.8
EPSS Score
1.20%
Published
2019-12-05
Updated
2019-12-10
42 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!