NetGain Systems Enterprise Manager network.traffic_005freport_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability

This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

NetGain Systems Enterprise Manager reports.export_005fdownload_jsp filename Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

NetGain Systems Enterprise Manager TFtpServer Filename Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the Filename field, th...

NetGain Systems Enterprise Manager common.download_jsp filename Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

NetGain Systems Enterprise Manager deviceReport.deviceReport_005fexport_005fdo_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

NetGain Systems Enterprise Manager db.save_005fattrs_jsp id Directory Traversal Arbitrary File Overwrite Vulnerability

This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

NetGain Systems Enterprise Manager designer.script_005fsamples_jsp type Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

Design/Logic Flaw

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP heade...

Cisco Prime Network Analysis Module graph sfile Parameter Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Network Analysis Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within graph.php. When parsing the sfile parameter, the script does not...

Hewlett Packard Enterprise Intelligent Management Center flexFileUpload Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specif...

Cisco Prime Collaboration Provisioning logconfigtracer.jsp Arbitrary File Deletion (CVE-2017-6637)

An arbitrary file deletion vulnerability exists in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user supplied paths before using them in file operations. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted reques...

Authentication flaw

Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064...

CVE-2017-15293

CVE-2017-15293 concerns the Xpress Server in SAP POS . The connected sources describe a lack of authentication for multiple operations: file read/erase, daemon shutdown, terminal read , and certain credential-related attacks. The root cause is the server’s failure to enforce authentication, enabl...

Hewlett Packard Enterprise Intelligent Management Center mibFileServlet Directory Traversal Denial of Service Vulnerability

This vulnerability allows remote attackers to delete arbitrary directories on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specifi...

Hewlett Packard Enterprise Intelligent Management Center mibFileServlet Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to rename arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

Dell EMC VNX Monitoring and Reporting Scheduler Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

Unpatched Windows Kernel Bug Could Help Malware Hinder Detection

A 17-year-old programming error has been discovered in Microsoft's Windows kernel that could prevent some security software from detecting malware at runtime when loaded into system memory. The security issue, described by enSilo security researcher Omri Misgav, resides in the kernel routine...

EMC Data Protection Advisor ScheduledReportResource Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within...

SpiderControl SCADA Webserver iniNet Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. Authentication is not required to exploit this vulnerability. The specific flaw exists within web server access to the scdefault directory. The issue results from the...

Microsoft Windows Error Reporting Manager Improper Access Control Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute medium-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...