Lucene search
K

2496 matches found

Veracode
Veracode
added 2020/05/10 11:24 p.m.52 views

Arbitrary Code Execution

busybox is vulnerable to arbitrary code execution. The vulnerability exists in the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any...

8.8CVSS3.1AI score0.0624EPSS
Exploits12References20Affected Software3
Cvelist
Cvelist
added 2020/05/08 11:45 a.m.17 views

CVE-2020-7264 Privilege Escalation vulnerability through symbolic links in ENS for Windows

Privilege Escalation vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved...

8.8CVSS8.3AI score0.0025EPSS
Exploits0References1
0day.today
0day.today
added 2020/04/21 12:0 a.m.78 views

jizhi CMS 1.6.7 - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: jizhi CMS 1.6.7 - Arbitrary File Download Google Dork: jizhicms Exploit Author: iej1ctk1g Vendor Homepage: https://www.jizhicms.cn/ Software Link: http://down.jizhicms.cn/jizhicmsBeta1.6.7.zip Version: 1.6.7 Tested on: Mac OS CV...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/04/17 12:0 a.m.8 views

iCATCH DVR Access Control Error Vulnerability

The iCATCH DVR is a digital video recorder DVR from China Desirable International iCATCH. A security vulnerability exists in the firmware of iCATCH DVR prior to version 20200103, which stems from the lack of proper access control in the file management interface. An attacker can exploit the...

8.8CVSS6.9AI score0.00824EPSS
Exploits0References1
OSV
OSV
added 2020/04/15 7:15 a.m.3 views

CVE-2020-10513

The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file...

6.5CVSS6.7AI score0.00824EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/04/07 11:38 a.m.29 views

CVE-2020-1726

A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first...

5.9CVSS3.3AI score0.01849EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/03/31 2:31 p.m.20 views

CVE-2020-4240

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417...

4.8CVSS6.3AI score0.01919EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/03/30 9:31 p.m.28 views

CVE-2019-19606

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...

9.8AI score0.02353EPSS
Exploits1References1
CVE
CVE
added 2020/03/30 9:31 p.m.69 views

CVE-2019-19606

X-Plane prior to 11.41 contains an OS command injection due to multiple improper path validations. A crafted network packet could cause reading/writing files to arbitrary paths and potentially leak credentials, enabling execution of arbitrary commands. Affected: X-Plane 11.x

10CVSS9.6AI score0.02353EPSS
Exploits1References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.51 views

JVN#32415420: Multiple vulnerabiliteis in Shihonkanri Plus GOOUT

Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside. Shihonkanri Plus GOOUT contains multiple vulnerabilities which allow reading/writing an arbitrary file listed below because of the improper validation of input parameter. Directory...

9.1CVSS9.4AI score0.01935EPSS
Exploits0
Cisco
Cisco
added 2020/02/26 4:0 p.m.25 views

Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system OS. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted...

4.2CVSS1.3AI score0.00285EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2020/02/26 12:0 a.m.194 views

OpenSMTPD 6.6.3 - Arbitrary File Read

Title: OpenSMTPD 6.6.3 - Arbitrary File Read Date: 2020-02-20 Author: qualys Vendor: https://www.opensmtpd.org/ CVE: 2020-8793 / Local information disclosure in OpenSMTPD CVE-2020-8793 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the...

4.7CVSS5.9AI score0.009EPSS
Exploits4
OSV
OSV
added 2020/02/20 11:15 p.m.6 views

CVE-2019-19694

The Trend Micro Security 2019 15.0.0.1163 and below consumer family of products is vulnerable to a denial of service DoS attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the...

4.7CVSS5.8AI score0.00365EPSS
Exploits0References4
Prion
Prion
added 2020/01/14 6:15 p.m.17 views

Security feature bypass

abrt-dbus in Automatic Bug Reporting Tool ABRT allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the 1 ChownProblemDir, 2 DeleteElement, or 3 DeleteProblem method...

7.2CVSS6.7AI score0.00398EPSS
Exploits0References5
CVE
CVE
added 2020/01/14 5:47 p.m.71 views

CVE-2015-3151

Technical details (affected product, root cause, impact, or fix) for CVE-2015-3151 are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS7.2AI score0.0056EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2020/01/14 2:15 p.m.14 views

CVE-2020-5196

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download or unzip and upload files. There are multiple ways to bypass certain...

8.1CVSS8AI score0.01204EPSS
Exploits1References3
NVD
NVD
added 2020/01/03 6:15 p.m.22 views

CVE-2019-11993

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now...

9.4CVSS7.9AI score0.0153EPSS
Exploits0References1
Prion
Prion
added 2020/01/03 6:15 p.m.19 views

Design/Logic Flaw

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now...

9.4CVSS7.9AI score0.0153EPSS
Exploits0References1Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/24 4:32 p.m.34 views

Security Bulletin: A Security Vulnerability affects IBM Cloud Private - kubectl (CVE-2019-11251)

Summary A Security Vulnerability affects IBM Cloud Private - kubectl Vulnerability Details CVEID: CVE-2019-11251 DESCRIPTION: Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in kubectl cp that allows a combination of two symlinks to copy a fi...

5.7CVSS0.6AI score0.02327EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2019/12/18 8:22 p.m.28 views

CVE-2019-18997 PB610 HMISimulator provides interface with access to arbitrary files

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting...

4.3CVSS7.4AI score0.01522EPSS
Exploits1References1
Rows per page
Query Builder