1646 matches found
Cisco SD-WAN vManage Elevation of Privilege Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An elevation of privilege vulnerability exists in the System File Transfer feature of Cisco SD-WAN vManage. The vulnerability stems from improper validation of the path input to the System...
python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...
Apple OS X libxpc Arbitrary File Overwrite Vulnerability
Apple OS X is a specialized operating system developed by Apple for Mac computers. A security vulnerability exists in OS X libxpc due to a product design flaw that does not restrict file uploads, which allows malicious applications to overwrite arbitrary files. No details of the vulnerability are...
CVE-2020-9994
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files...
CVE-2020-9994
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files...
python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...
python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py
A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...
CVE-2020-3597
Cisco Nexus Data Broker Software is affected by CVE-2020-3597. A path traversal vulnerability exists in the configuration restore feature due to insufficient validation of configuration backup files. An unauthenticated, remote attacker could trick an administrator into restoring a crafted backup ...
CVE-2020-3476 Cisco IOS XE Software Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. A...
Path traversal
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges...
CVE-2019-20916
A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...
Arbitrary File Overwrite
decompress-zip is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not verify that extract files can escape out of the extraction root directory...
Oracle Linux 8 : nodejs:10 (ELSA-2020-0579)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0579 advisory. - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 Tenable has extracted the precedi...
CVE-2020-3440 Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attack...
CVE-2020-3440 Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attack...
Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite (cisco-sa-webex-desktop-app-OVSfpVMj)
According to its self-reported version, Cisco Webex Meetings Desktop App for Windows is affected by a vulnerability due to improper validation of URL parameters that are sent from a website to the affected application. An unauthenticated, remote attacker can exploit this, by persuading a user to...
Cisco Webex Meetings Desktop App Path Traversal Vulnerability
Cisco Webex Meetings Desktop App and Cisco Webex Meetings are both products of Cisco, Inc.Cisco Webex Meetings Desktop App is a video conferencing control application for use in a desktop environment.Cisco Webex Meetings is a video conferencing solution. A path traversal vulnerability exists in...
Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attack...
IBM QRadar Improper Access Control Vulnerability
IBM QRadar is an enterprise security information and event management SIEM product that detects anomalies, finds advanced threats, and eliminates false positives. A security vulnerability exists in IBM QRadar Wincollect versions 7.2.0 through 7.2.9 that stems from WinCollect failing to install...
CVE-2020-4486
IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861...