2496 matches found
Arbitrary Code Execution
busybox is vulnerable to arbitrary code execution. The vulnerability exists in the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any...
CVE-2020-7264 Privilege Escalation vulnerability through symbolic links in ENS for Windows
Privilege Escalation vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved...
jizhi CMS 1.6.7 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: jizhi CMS 1.6.7 - Arbitrary File Download Google Dork: jizhicms Exploit Author: iej1ctk1g Vendor Homepage: https://www.jizhicms.cn/ Software Link: http://down.jizhicms.cn/jizhicmsBeta1.6.7.zip Version: 1.6.7 Tested on: Mac OS CV...
iCATCH DVR Access Control Error Vulnerability
The iCATCH DVR is a digital video recorder DVR from China Desirable International iCATCH. A security vulnerability exists in the firmware of iCATCH DVR prior to version 20200103, which stems from the lack of proper access control in the file management interface. An attacker can exploit the...
CVE-2020-10513
The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file...
CVE-2020-1726
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first...
CVE-2020-4240
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417...
CVE-2019-19606
X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...
CVE-2019-19606
X-Plane prior to 11.41 contains an OS command injection due to multiple improper path validations. A crafted network packet could cause reading/writing files to arbitrary paths and potentially leak credentials, enabling execution of arbitrary commands. Affected: X-Plane 11.x
JVN#32415420: Multiple vulnerabiliteis in Shihonkanri Plus GOOUT
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains multiple vulnerabilities which allow reading/writing an arbitrary file listed below because of the improper validation of input parameter. Directory...
Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system OS. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted...
OpenSMTPD 6.6.3 - Arbitrary File Read
Title: OpenSMTPD 6.6.3 - Arbitrary File Read Date: 2020-02-20 Author: qualys Vendor: https://www.opensmtpd.org/ CVE: 2020-8793 / Local information disclosure in OpenSMTPD CVE-2020-8793 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the...
CVE-2019-19694
The Trend Micro Security 2019 15.0.0.1163 and below consumer family of products is vulnerable to a denial of service DoS attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the...
Security feature bypass
abrt-dbus in Automatic Bug Reporting Tool ABRT allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the 1 ChownProblemDir, 2 DeleteElement, or 3 DeleteProblem method...
CVE-2015-3151
Technical details (affected product, root cause, impact, or fix) for CVE-2015-3151 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2020-5196
Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download or unzip and upload files. There are multiple ways to bypass certain...
CVE-2019-11993
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now...
Design/Logic Flaw
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - kubectl (CVE-2019-11251)
Summary A Security Vulnerability affects IBM Cloud Private - kubectl Vulnerability Details CVEID: CVE-2019-11251 DESCRIPTION: Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in kubectl cp that allows a combination of two symlinks to copy a fi...
CVE-2019-18997 PB610 HMISimulator provides interface with access to arbitrary files
The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting...