1501 matches found
CVE-2023-3972
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...
Fedora 37 : samba (2023-fff0c857d6)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-fff0c857d6 advisory. Update to 4.17.12 - Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670 Tenable has extracted the...
SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenFile method. The issue results from the lack of proper validati...
SolarWinds Access Rights Manager OpenClientUpdateFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenClientUpdateFile method. The issue results from the lack of...
SUSE SLES15 Security Update : samba (SUSE-SU-2023:4096-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4096-1 advisory. - The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user c...
F5 BIG-IP OS unzip Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of F5 BIG-IP OS. Authentication is required to exploit this vulnerability. The specific flaw exists within the unzip method. The issue results from the lack of proper validation of a user-supplied path...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : samba (SUSE-SU-2023:4059-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4059-1 advisory. - The vulnerability exists due to an error in the way SMB protocol implementation in Samba handl...
VulnCheck KEV: CVE-2023-42657
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could...
A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the ShowTechDownloadView class. The issue results from the lack of proper validation...
A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability
This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileMgmtExport class. The issue results from the lack of proper validation of a...
CVE-2023-42657
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also...
Directory traversal
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also...
CVE-2023-42657 WS_FTP Server Directory Traversal
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also...
CVE-2023-42657
CVE-2023-42657 affects Progress WS_FTP Server, in versions prior to 8.7.4 and 8.8.2. The vulnerability is a directory traversal flaw in the server’s file handling that allows an unauthenticated or less-privileged user to perform file operations (delete, rename, rmdir, mkdir) outside the designate...
ManageEngine ADManager Plus download Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the download method. The issue results from the lack of proper validatio...
Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Visualware MyConnection Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file. The issue results from the lack of...
CVE-2023-4614
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...