CVE-2023-39506 PDF-XChange Editor createDataObject Directory Traversal Remote Code Execution Vulnerability

PDF-XChange Editor createDataObject Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...

CVE-2023-39459 Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in...

CVE-2023-39459

CVE-2023-39459 affects Triangle MicroWorks SCADA Data Gateway. The flaw is in the processing of workspace files where user-supplied paths are not properly validated before file operations, enabling a local attacker to create arbitrary files in the Administrator context by enticing a target to vis...

CVE-2023-39459 Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in...

CVE-2023-34298 Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability

Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target...

CVE-2023-34298

CVE-2023-34298 affects Pulse Secure Client via the SetupService directory traversal flaw. The issue stems from inadequate validation of a user-supplied path before file operations, allowing a local attacker who can run low-privilege code to escalate privileges and potentially execute arbitrary co...

CVE-2023-32177

CVE-2023-32177 concerns VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation. The flaw is a lack of validation of a user-supplied path before file operations in DeleteHistoryFile, enabling a local attacker who already has low-privileged code execution to escalate ...

CVE-2023-32177 VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability

VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...

CVE-2023-32176 VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability

VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...

CVE-2023-32176 VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability

VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the...

CVE-2023-32167

The CVE-2023-32167 entry concerns D-Link D-View’s uploadMib function, where improper validation of a user-supplied path enables directory traversal and arbitrary file creation/deletion in the SYSTEM context. The vulnerability requires authentication to exploit and is evidenced by multiple disclos...

CVE-2023-32164

D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure (CVE-2023-32164) involves the TftpSendFileThread class, where a user-supplied path is not properly validated before file operations. This allows remote attackers to disclose sensitive information in the SYSTEM context wit...

CVE-2023-32164 D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability

D-Link D-View TftpSendFileThread Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exist...

CVE-2023-27326 Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability

Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest...

CVE-2023-27326

CVE-2023-27326 is a local privilege escalation in Parallels Desktop where the Toolgate component fails to validate a user-supplied path, enabling directory traversal and arbitrary code execution as the current host user. Exploitation requires prior high-privilege code execution on the guest syste...

LG Simple Editor 安全漏洞

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...

Pulse Secure Client 安全漏洞

Pulse Secure Client is a suite of client software from Pulse Secure USA for end devices that access the Pulse Secure gateway. A security vulnerability exists in Pulse Secure Client that stems from failure to properly validate a user-supplied path before using it in a file operation, allowing a...

Honeywell Saia PG5 Controls Suite 安全漏洞

Honeywell Saia PG5 Controls Suite is a control system software for industrial automation and building automation from Honeywell USA. A security vulnerability exists in Honeywell Saia PG5 Controls Suite that originates from failure to properly validate a user-supplied path before using it in a fil...

Ivanti Avalanche copyFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the copyFile method. The issue results from the lack of proper validation of a user-supplie...

Ivanti Avalanche WLInfoRailService DELKEY Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the DELKEY command. The issue results from the lack of proper validation of a user-supplied...