June 8, 2021—KB5003637 (OS Builds 19041.1052, 19042.1052, and 19043.1052)
June 8, 2021—KB5003637 OS Builds 19041.1052, 19042.1052, and 19043.1052 EXPIRATION NOTICE IMPORTANT As of 9/12/2023, this KB is only available from Windows Update. It is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to t...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors...
CVE-2021-29091
The vulnerability CVE-2021-29091 affects Synology Photo Station prior to 6.8.14-3500. It is a Path Traversal in the file management component that improperly limits the destination path, allowing remote authenticated users to write arbitrary files via unspecified vectors. Impact is information ab...
CVE-2021-29091
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors...
CVE-2021-29092
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors...
CVE-2021-29092
The CVE-2021-29092 issue affects Synology Photo Station (pre-6.8.14-3500). The vulnerability is described as an unrestricted upload of a file with a dangerous type in the file management component, which could allow remote authenticated users to execute arbitrary code via unspecified vectors. Aff...
SQL Injection Vulnerability in Purple Electronic File Management System
hereinafter referred to as "Ziguang Software" is a leading provider of industry solutions and IT services in China. A SQL injection vulnerability exists in the Ziguang Electronic File Management System. The vulnerability can be exploited by an attacker to obtain sensitive information from the...
Insecure Access Control
OctoPrint uses insecure access control. The vulnerability exists because it attempts to manage files other than .log...
Improper access control
The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not .log files...
CVE-2021-32560
The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not .log files...
SQL Injection Vulnerability in Purple File Management System of Purple Software Systems Ltd (CNVD-2021-35784)
Purple Software Systems Ltd. is a company that specializes in making a chain of cloud file management services. A SQL injection vulnerability exists in the Purple File Management System of Purple Software Systems Limited, which can be exploited by attackers to obtain sensitive information from th...
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability (cisco-sa-3000-9000-fileaction-QtLzDRy2)
According to its self-reported version, Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode are affected by a vulnerability in the implementation of an internal file management service. An unauthenticated, remote attacker could...
SQL Injection Vulnerability in Purple File Management System of Purple Software Systems Ltd.
Purple Software Systems Ltd. is a company that specializes in making a chain of cloud file management services. Purple Software Systems Limited Purple File Management System suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the...
The vulnerability in the internal file management service of the Cisco NX-OS operating system for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches allows an attacker to rewrite arbitrary files.
The vulnerability of the internal file management service in the Cisco NX-OS operating system for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches lies in the use of files and directories accessible from external parties. Exploiting this vulnerability allows a malicious actor...
CVE-2021-1361
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite...
Information disclosure
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite...
CVE-2021-1361
CVE-2021-1361 affects Cisco NX-OS on Nexus 3000/9000 switches in standalone NX-OS mode. A misconfigured TCP port 9075 allows unauthenticated remote attackers to create, delete, or overwrite arbitrary files with root privileges, including adding user accounts. Cisco’s advisory (cisco-sa-3000-9000-...
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite...
SQL Injection Vulnerability in Purple File Management System
hereinafter referred to as "Violet Software" is a provider of industry solutions and IT services. A SQL injection vulnerability exists in the Zilight File Management System. An attacker could exploit this vulnerability to obtain sensitive information from the database...