2495 matches found

CNVD
added 2021/10/21 12:0 a.m. · 15 views

AUVESY Versiondog has an unspecified vulnerability (CNVD-2021-82927)

AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog that could be exploited by an attacker to cause the manipulation and/or deletion of files...

CVSS 6.4 · AI score 4.4 · EPSS 0.01083
Exploits: 0 · Affected Software: 1

CNNVD
added 2021/10/19 12:0 a.m. · 2 views

AUVESY Versiondog Security Vulnerability

AUVESY Versiondog is an automated production data and change management software solution from the German company AUVESY. A security vulnerability exists in AUVESY Versiondog that could be exploited by an attacker to cause the manipulation and/or deletion of files...

CVSS 9.8 · AI score 5.6 · EPSS 0.01083
Exploits: 0 · References: 5

Prion
added 2021/10/18 9:15 p.m. · 11 views

Design/Logic Flaw

OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere o...

CVSS 4 · AI score 7.4 · EPSS 0.012
Exploits: 0 · References: 3 · Affected Software: 1

ICS
added 2021/10/12 12:0 a.m. · 31 views

Schneider Electric IGSS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerabilities: Classic Buffer Overflow, Unrestricted Upload of File with Dangerous Type, Path Traversal, Missing Authentication fo...

CVSS 9.8 · AI score 9.8 · EPSS 0.20165
Exploits: 0 · References: 5

Prion
added 2021/10/11 11:15 a.m. · 17 views

Information disclosure

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...

CVSS 5.5 · AI score 7.7 · EPSS 0.00923
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2021/10/06 12:0 a.m. · 4 views

Fortinet FortiClientEms Path Traversal Vulnerability

Fortinet FortiClientEms is a centralized management system from Fortinet, USA. A path traversal vulnerability exists in Fortinet FortiClientEMS versions 6.4.1 and below; 6.2.8 and below, which can be exploited by an attacker to add/remove files to/from a server by injecting a sequenc...

CVSS 5.5 · AI score 5.8 · EPSS 0.01109
Exploits: 0 · References: 4

Positive Technologies
added 2021/10/05 12:0 a.m. · 4 views

PT-2021-4363 · Moxa · Moxa Mxview Network Management

Name of the Vulnerable Software and Affected Versions: Moxa MXview Network Management software versions 3.x through 3.2.2 Description: The issue is related to insufficient access control in the Moxa MXView network control software, which can be exploited by a remote attacker to bypass security...

CVSS 10 · AI score 9.6 · EPSS 0.15789
Exploits: 0 · References: 9

Huntr
added 2021/09/14 5:36 a.m. · 13 views

Path Traversal in dmpop/mejiro

Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

AI score 1.5
Exploits: 0 · References: 2

Prion
added 2021/09/09 5:15 a.m. · 14 views

Input validation

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

CVSS 8.5 · AI score 7.9 · EPSS 0.0153
Exploits: 0 · References: 1 · Affected Software: 1

CNVD
added 2021/08/25 12:0 a.m. · 21 views

F5 BIG-IP Advanced WAF and ASM TMUI is vulnerable to unspecified vulnerabilities

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An unspecified vulnerability exists in the F5 BIG-IP Advanced WAF and ASM TMUI, which, when exploited, allows an authenticated...

CVSS 9.9 · AI score 3.6 · EPSS 0.02006
Exploits: 0 · References: 1

Cvelist
added 2021/08/03 4:25 p.m. · 16 views

CVE-2021-32814 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Skytable

Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1...

CVSS 8.8 · AI score 8.9 · EPSS 0.02092
Exploits: 0 · References: 4

Vulnrichment
added 2021/07/20 10:28 a.m. · 8 views

CVE-2021-22125

An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...

CVSS 6.3 · AI score 7.2 · EPSS 0.0141
Exploits: 0 · References: 1

CNVD
added 2021/07/08 12:0 a.m. · 4 views

Fork CMS Arbitrary File Upload Vulnerability

Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. Fork CMS has an arbitrary file upload vulnerability that can be exploited to create or replace arbitrary files in the themes directory with...

CVSS 8.8 · AI score 6.9 · EPSS 0.0121
Exploits: 0 · References: 1

OSV
added 2021/07/07 3:15 p.m. · 15 views

CVE-2021-28931

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel...

CVSS 8.8 · AI score 6.9
Exploits: 0 · References: 2

Rosalinux
added 2021/07/02 5:36 p.m. · 26 views

Advisory ROSA-SA-2021-1935

Software: openldap 2.4.44 OS: Cobalt 7.9 CVE-ID: CVE-2017-14159 CVE-Crit: MEDIUM CVE-DESC: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping the privileges of a non-root account, which could allow local users to kill arbitrary processes using access to that non-root account t...

CVSS 7.5 · AI score 8.1 · EPSS 0.84224
Exploits: 1

CISA
added 2021/06/17 12:0 a.m. · 25 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

AI score 6.4
Exploits: 0 · References: 10

NVD
added 2021/06/11 3:15 p.m. · 12 views

CVE-2021-25414

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege...

CVSS 7.8 · EPSS 0.00183
Exploits: 1 · References: 2

Cvelist
added 2021/06/11 2:33 p.m. · 17 views

CVE-2021-25414

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege...

AI score 7.7 · EPSS 0.00183
Exploits: 1 · References: 2

Prion
added 2021/06/01 2:15 p.m. · 17 views

Code injection

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903...

CVSS 7.5 · AI score 8.6 · EPSS 0.02935
Exploits: 0 · References: 3 · Affected Software: 1

Github Security Blog
added 2021/05/18 8:31 p.m. · 49 views

Path Traversal in github.com/unknwon/cae/zip

The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. Specific Go Packages Affected github.com/unknwon/cae/zip...

CVSS 7.5 · AI score 7.2 · EPSS 0.01419
Exploits: 1 · References: 5 · Affected Software: 1