1646 matches found

OSV
added 2018/01/02 7:29 p.m., 28 views

CVE-2017-1000420

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...

7.5 CVSS, 7.8 AI score
Exploits 0, References 1

Cvelist
added 2018/01/02 7:0 p.m., 22 views

CVE-2017-1000420

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...

7.5 AI score, 0.01509 EPSS
Exploits 0, References 1

Debian CVE
added 2018/01/02 7:0 p.m., 22 views

CVE-2017-1000420

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite...

7.5 CVSS, 7.5 AI score, 0.01509 EPSS
Exploits 0

RedHat Linux
added 2017/12/19 8:37 a.m., 6 views

rubygems: Arbitrary file overwrite due to incorrect validation of specification name

It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory...

7.5 CVSS, 7.3 AI score, 0.29442 EPSS
Exploits 2, References 5

Zero Day Initiative
added 2017/12/13 12:0 a.m., 31 views

NetGain Systems Enterprise Manager deviceReport.deviceReport_005fexport_005fdo_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

7.5 CVSS, 2.9 AI score, 0.02307 EPSS
Exploits 0

Zero Day Initiative
added 2017/12/13 12:0 a.m., 61 views

NetGain Systems Enterprise Manager db.save_005fattrs_jsp id Directory Traversal Arbitrary File Overwrite Vulnerability

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

7.5 CVSS, 2.9 AI score, 0.02483 EPSS
Exploits 0

Zero Day Initiative
added 2017/12/13 12:0 a.m., 40 views

NetGain Systems Enterprise Manager service.service_005ffailures_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

7.5 CVSS, 2.9 AI score, 0.02307 EPSS
Exploits 0

CNVD
added 2017/11/10 12:0 a.m., 2 views

foo2zjs Arbitrary File Overwrite Vulnerability

Ubuntu is a GNU/Linux operating system for desktop applications developed by Canonical and the Ubuntu Foundation. Debian unstable and Debian squeeze are both free operating systems created by the Debian Project Collaboration with Linux or FreeBSD as the kernel. foo2zjs is one of the printer...

5.5 CVSS, 6.7 AI score, 0.0041 EPSS
Exploits 0, References 1

OSV
added 2017/11/07 4:29 p.m., 3 views

CVE-2017-2916

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability...

8.8 CVSS, 5.8 AI score, 0.02251 EPSS
Exploits 2, References 1

NVD
added 2017/11/07 4:29 p.m., 21 views

CVE-2017-2916

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability...

9.9 CVSS, 9 AI score, 0.02251 EPSS
Exploits 2, References 1

CVE
added 2017/11/07 4:0 p.m., 64 views

CVE-2017-2916

CVE-2017-2916 affects Circle with Disney devices running firmware 2.0.1. The vulnerability is in the /api/CONFIG/restore path, where a crafted backup can overwrite arbitrary files during restoration. The restore sequence decrypts a backup, extracts it to a temporary directory, validates contents,...

9.9 CVSS, 8.6 AI score, 0.02251 EPSS
Exploits 2, References 1, Affected Software 1

Cvelist
added 2017/11/07 4:0 p.m., 26 views

CVE-2017-2916

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability...

9.9 CVSS, 8.7 AI score, 0.02251 EPSS
Exploits 2, References 1

CNVD
added 2017/11/02 12:0 a.m., 2 views

Circle with Disney Backlink Vulnerability

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A backlink vulnerability exists in the /api/CONFIG/restore function in Circle with Disney version 2.0.1. An attacker can exploit this...

9.9 CVSS, 9.1 AI score, 0.02251 EPSS
Exploits 2, References 1

seebug.org
added 2017/10/19 12:0 a.m., 53 views

Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability (CVE-2016-4323)

DESCRIPTION: A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splas...

5.8 CVSS, 6.5 AI score, 0.02305 EPSS
Exploits 2

OSV
added 2017/10/05 5:29 p.m., 1 views

CVE-2017-1301

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the...

5.5 CVSS, 5.9 AI score, 0.00359 EPSS
Exploits 0, References 3

Tenable Nessus
added 2017/10/03 12:0 a.m., 58 views

Amazon Linux AMI : ruby22 / ruby23 (ALAS-2017-906)

SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP. A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session...

9.8 CVSS, 7.8 AI score, 0.29442 EPSS
Exploits 9, References 11

CNVD
added 2017/09/22 12:0 a.m., 4 views

Chef Software Directory Traversal Vulnerability

Chef Software is a set of server application configuration tools written in Ruby and Erlang by Chef Software. mixlib-archive is one of the gem extraction archive tools. A directory traversal vulnerability exists in Chef Software in versions 0.3.0 and earlier of mixlib-archive. A remote attacker c...

7.5 CVSS, 7 AI score, 0.019 EPSS
Exploits 0, References 1

RedHat Linux
added 2017/09/13 9:46 p.m., 52 views

Moderate: Red Hat Security Advisory: instack-undercloud security, bug fix, and enhancement update

An update for instack-undercloud is now available for Red Hat OpenStack Platform 11.0 Ocata. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

6.4 CVSS, 6.6 AI score, 0.00347 EPSS
Exploits 0, References 3

CNVD
added 2017/09/08 12:0 a.m., 4 views

Cisco IOS XE Software Arbitrary File Overwrite Vulnerability

Cisco ASR 920 Series Aggregation Services Routers are Cisco's ASR 920 series of multifunction routers. Cisco IOS XE Software is one of the operating systems dedicated to network devices. A security vulnerability exists in the USB-modem code of the IOS XE Software in the Cisco ASR 920 Series...

4.7 CVSS, 5 AI score, 0.00353 EPSS
Exploits 0, References 1

Cisco
added 2017/09/06 4:0 p.m., 28 views

Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary File Overwrite Vulnerability

A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper inpu...

4.4 CVSS, 4.9 AI score, 0.00353 EPSS
Exploits 0, References 1