1646 matches found

CVE
added 2019/01/31 12:0 a.m. | 13844 views

CVE-2019-6111

OpenSSH SCP client vulnerability CVE-2019-6111: in OpenSSH 7.9, the SCP client does not properly validate the object name returned by the server, allowing a malicious SCP server or MITM to overwrite arbitrary files in the client target directory. If recursive transfers (-r) are used, subdirectori...

CVSS 5.9 | AI score 6.3 | EPSS 0.58204
In wild | Exploits 9 | References 23 | Affected Software 2
Vulnrichment
added 2019/01/31 12:0 a.m. | 7 views

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented...

AI score 8.3 | EPSS 0.58204
Exploits 9 | References 23
OSV
added 2019/01/24 3:29 p.m. | 4 views

CVE-2019-1650

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An...

CVSS 8.8 | AI score 7.4 | EPSS 0.03475
Exploits 0 | References 2
Cisco
added 2019/01/23 4:0 p.m. | 155 views

Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An...

CVSS 8.8 | AI score 2.4 | EPSS 0.03475
Exploits 0 | References 1
OpenVAS
added 2019/01/17 12:0 a.m. | 33 views

WinSCP Arbitrary File Overwrite Vulnerability - Windows

WinSCP is prone to an arbitrary file overwrite vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:winscp:winscp";...

CVSS 7.5 | AI score 7.8 | EPSS 0.02525
Exploits 0 | References 4
Veracode
added 2019/01/15 9:13 a.m. | 30 views

Arbitrary File Overwrite

libarchive.so is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as sandboxing restrictions can be evaded through hard links with data, causing file overwrites...

CVSS 7.5 | AI score 7.7 | EPSS 0.04707
Exploits 1 | References 21 | Affected Software 4
Veracode
added 2019/01/15 9:2 a.m. | 62 views

Arbitrary File Overwrite

bash is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have...

CVSS 9.8 | AI score 9.6 | EPSS 0.99999
Exploits 140 | References 163 | Affected Software 1
Veracode
added 2019/01/15 8:59 a.m. | 27 views

Arbitrary File Overwrite

glusterfs is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names...

CVSS 3.6 | AI score 5.9 | EPSS 0.00336
Exploits 0 | References 17 | Affected Software 1
Veracode
added 2019/01/15 8:58 a.m. | 13 views

Arbitrary File Overwrite

glusterfs is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp...

CVSS 3.6 | AI score 6 | EPSS 0.00384
Exploits 0 | References 8 | Affected Software 2
Veracode
added 2019/01/15 8:55 a.m. | 20 views

Arbitrary File Overwrite

sudo is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as a certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file...

CVSS 5.6 | AI score 5.9 | EPSS 0.00435
Exploits 1 | References 11 | Affected Software 1
Veracode
added 2019/01/15 8:53 a.m. | 36 views

Arbitrary File Overwrite

hplip3 is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as the send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out...

CVSS 1.2 | AI score 5.8 | EPSS 0.00444
Exploits 0 | References 17 | Affected Software 2
OSV
added 2019/01/14 12:0 a.m. | 1 views

UBUNTU-CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented...

CVSS 5.9 | AI score 7 | EPSS 0.58204
Exploits 9 | References 6
ArchLinux
added 2019/01/08 12:0 a.m. | 31 views

[ASA-201901-4] systemd: multiple issues

Arch Linux Security Advisory ASA-201901-4 ========================================= Severity: Medium Date : 2019-01-08 CVE-ID : CVE-2018-6954 CVE-2018-16866 Package : systemd Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-615 Summary ======= The package systemd befor...

CVSS 7.8 | AI score 0.4 | EPSS 0.01051
Exploits 3 | References 9
Check Point Advisories
added 2018/12/06 12:0 a.m. | 4 views

HPE Moonshot Provisioning Manager Appliance Directory Traversal (CVE-2017-8977)

A directory traversal vulnerability exists in HPE Moonshot Provisioning Manager Appliance. The vulnerability is due to missing input validation in the serverresponse.py script. Successful exploitation could result in arbitrary file overwrite with privileges of web application process...

CVSS 8.5 | AI score 3.4 | EPSS 0.04198
Exploits 0
Exploit DB
added 2018/12/04 12:0 a.m. | 95 views

Xorg X11 Server (AIX) - Local Privilege Escalation

Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Fileset: X11.base.rte 7.1.5.32 Tested on: AIX 7.1 6.x t...

CVSS 7.2 | AI score 7.2 | EPSS 0.2704
Exploits 39
CNVD
added 2018/11/16 12:0 a.m. | 2 views

SAP Disclosure Management Arbitrary File Overwrite Vulnerability

SAP Disclosure Management is an automated financial disclosure management system. The system provides a collaborative financial disclosure process across teams, geographies, systems and data sources. An arbitrary file overwrite vulnerability exists in SAP Disclosure Management, which could be...

CVSS 8.3 | AI score 7.3 | EPSS 0.01519
Exploits 0 | References 1
Tenable Nessus
added 2018/10/29 12:0 a.m. | 58 views

Debian DSA-4328-1 : xorg-server - security update

Narendra Shinde discovered that incorrect command-line parameter validation in the Xorg X server may result in arbitrary file overwrite, which can result in privilege escalation. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

CVSS 7.2 | AI score 7.2 | EPSS 0.2704
Exploits 39 | References 4
OSV
added 2018/10/17 7:54 p.m. | 9 views

GHSA-RHQ2-2574-78MC Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

CVSS 7.5 | AI score 7.2 | EPSS 0.02674
Exploits 0 | References 4
Snyk
added 2018/10/01 8:29 a.m. | 1 views

Directory Traversal

Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Directory Traversal. Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzipcat in...

CVSS 5.8 | AI score 6.3 | EPSS 0.01538
Exploits 1 | References 2
UbuntuCve
added 2018/10/01 8:29 a.m. | 20 views

CVE-2018-17828

Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzipcat in the bins/unzzipcat-mem.c file...

CVSS 5.8 | AI score 6.4 | EPSS 0.01538
Exploits 1 | References 1