
2667 matches found

CVE
added 2020/09/04 12:1 p.m. | 44 views

CVE-2020-7119

The vulnerability CVE-2020-7119 affects Aruba Analytics and Location Engine (ALE) web management interface versions up to 2.1.0.2. An authenticated administrative user can arbitrarily modify files as the underlying privileged OS user, indicating a privilege escalation within the web interface. A...

CVSS 4.9 | AI score 5 | EPSS 0.00343
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2020/08/26 12:0 a.m. | 2 views

Vertiv UPS Management Module FTP Service Arbitrary File Modification Vulnerability

Vertiv Technologies Limited (Vertiv) was founded in 2000. Vertiv designs, manufactures and provides services for critical infrastructure equipment to keep data centers, communication networks, and commercial and industrial facilities running well, and provides power supply and distribution, thermal...

AI score 7.1
Exploits: 0
NVD
added 2020/08/14 4:15 p.m. | 10 views

CVE-2020-7583

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify...

CVSS 7.8 | AI score 7.5 | EPSS 0.00037
Exploits: 0 | References: 1
Prion
added 2020/08/14 4:15 p.m. | 15 views

Design/Logic Flaw

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify...

CVSS 4.6 | AI score 7.4 | EPSS 0.00037
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2020/08/14 3:24 p.m. | 46 views

CVE-2020-7583

CVE-2020-7583 affects Automation License Manager 5 (all versions) and ALM 6 (all versions before 6.0.8). The root cause is improper privilege validation in certain operations, enabling a user with low privileges to arbitrarily modify files protected from writing (local access). CVSS v3.1 base sco...

CVSS 7.8 | AI score 7.4 | EPSS 0.00037
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/08/14 3:24 p.m. | 14 views

CVE-2020-7583

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify...

AI score 7.5 | EPSS 0.00037
Exploits: 0 | References: 1
OSV
added 2020/08/12 2:15 p.m. | 1 views

CVE-2020-6293

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but the impact is limited to the files themselves and is restricted by other policies such as access...

CVSS 6.5 | AI score 6.9 | EPSS 0.0031
Exploits: 0 | References: 2
ICS
added 2020/08/11 12:0 a.m. | 43 views

Siemens Automation License Manager

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Automation License Manager ALM Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to locally escalate privileges and modify...

CVSS 7.8 | AI score 7.9 | EPSS 0.00037
Exploits: 0 | References: 9
Cvelist
added 2020/08/10 5:43 p.m. | 11 views

CVE-2020-15651

A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS 28...

AI score 4.2 | EPSS 0.00186
Exploits: 0 | References: 2
CVE
added 2020/07/23 8:51 p.m. | 48 views

CVE-2020-7518

CVE-2020-7518 affects Schneider Electric Easergy Builder (versions 1.4.7.2 and older). The vulnerability is caused by improper input validation (CWE-20) that could allow an attacker to modify project configuration files. The Red Hat, CNVD, and NVD entries align on the same vulnerability descripti...

CVSS 7.5 | AI score 7.4 | EPSS 0.00241
Exploits: 0 | References: 1 | Affected Software: 1
Microsoft Security Update
added 2020/07/14 5:0 p.m. | 13 views

Security Update for Microsoft SharePoint Foundation 2013 (KB4484448) farm-deployment

A security vulnerability exists in Microsoft SharePoint Foundation 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

AI score 2.5
Exploits: 0
Prion
added 2020/07/10 4:15 p.m. | 28 views

Code injection

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download...

CVSS 4.3 | AI score 6.8 | EPSS 0.81139
Exploits: 0 | References: 1 | Affected Software: 4
OSV
added 2020/06/23 2:15 p.m. | 5 views

CVE-2020-14971

Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.g...

CVSS 7.8 | AI score 7.2 | EPSS 0.00067
Exploits: 0 | References: 4
Prion
added 2020/06/15 8:15 p.m. | 12 views

Code injection

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...

CVSS 5.5 | AI score 8.5 | EPSS 0.00087
Exploits: 0 | References: 1 | Affected Software: 2
CNVD
added 2020/06/10 12:0 a.m. | 3 views

Monstra CMS Operating System Command Injection Vulnerability

Monstra CMS is a lightweight PHP-based content management system (CMS) by Ukrainian software developer Sergey Romanenko. A security vulnerability exists in Monstra CMS version 3.0.4. The vulnerability can be exploited to execute arbitrary OS commands by modifying the .chunk.php file...

CVSS 7.2 | AI score 7.5 | EPSS 0.00435
Exploits: 1 | References: 1
AlpineLinux
added 2020/06/04 4:43 p.m. | 11 views

CVE-2019-20837

An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures...

CVSS 7.5 | AI score 6.9 | EPSS 0.00009
Exploits: 0 | References: 1
CNVD
added 2020/06/04 12:0 a.m. | 5 views

Cisco IOx Application Framework Input Validation Error Vulnerability

Cisco IOx is an application environment from the U.S. company Cisco that combines Cisco IOS and Linux OS, providing secure network connectivity and a secure development environment for IoT applications. An input validation error vulnerability exists in Cisco IOx Application Framework versions prior to 1.9.0, which...

CVSS 8.1 | AI score 6.7 | EPSS 0.00407
Exploits: 0 | References: 1
OSV
added 2020/06/03 6:15 p.m. | 1 views

CVE-2020-3238

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...

CVSS 8.1 | AI score 7.4
Exploits: 0 | References: 1
NVD
added 2020/06/03 6:15 p.m. | 8 views

CVE-2020-3238

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...

CVSS 8.1 | AI score 8.1 | EPSS 0.00407
Exploits: 0 | References: 1
Cisco
added 2020/06/03 4:0 p.m. | 29 views

Cisco IOx Application Framework Arbitrary File Creation Vulnerability

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...

CVSS 8.1 | AI score 1.8 | EPSS 0.00407
Exploits: 0 | References: 1