Vertiv UPS Management Module FTP Service Arbitrary File Modification Vulnerability
Vertiv Technologies Limited (Vertiv) was founded in 2000. Vertiv designs, manufactures and provides services for critical infrastructure equipment to keep data centers, communication networks, commercial and industrial facilities running well, and provides power supply and distribution, thermal...
Sinter - A User-Mode Application Authorization System For MacOS Written In Swift
Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter...
DEBIAN-CVE-2020-15692
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...
UBUNTU-CVE-2020-15692
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...
CVE-2020-15692
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...
Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46340)
Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A security vulnerability in the decryptFile method of the FlashValidatorServiceImpl class i...
Marvell QConvergeConsole Remote Code Execution Vulnerability
Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A remote code execution vulnerability exists in the decryptFile method of the...
Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46346)
Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A remote code execution vulnerability exists in the getFileFromURL method of the...
rConfig Directory Traversal Vulnerability
rConfig is an open source network configuration management utility. A directory traversal vulnerability exists in rConfig version 3.9.5, which can be exploited to view arbitrary files on a system by sending a request to the ajaxGetFileByPath.php script with a 'path' parameter with the sequence...
CVE-2020-15712
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences %2f..%2f in the path parameter to view arbitrary files on the system...
Directory Traversal
marscode is vulnerable to directory traversal. The vulnerability exists through the lack of sanitization on the file path used in fs.readFileSync...
Directory Traversal
rollup-plugin-dev-server is vulnerable to directory traversal. The vulnerability exists through the lack of sanitization of the file path used in the readFile function...
SQL Injection Vulnerability in the Co***.cl***.php File of Nethub's Chinese/English Enterprise Website Management System
Netizen Chinese and English enterprise website management system is developed with PHP + MySQL technology in MVC mode. Its code is easy to maintain, and it supports pseudo-static URLs, can generate Google and Baidu maps, and supports custom URLs, keywords and descriptions in line with SEO standards. Nethub...
Huawei EulerOS: Security Advisory for perl-File-Path (EulerOS-SA-2020-1750)
The remote host is missing an update for the Huawei EulerOS...
Cross site scripting
Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2201
Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability...
Go Ethereum Security Breach
Go Ethereum (aka geth) is an open source implementation of the Ethereum protocol written in the Go language. A security vulnerability exists in the 'TraceChain' function of the eth/apitracer.go file in Go Ethereum versions prior to 1.8.14. An attacker can exploit this vulnerability to launch an...
EulerOS Virtualization 3.0.6.0 : perl-File-Path (EulerOS-SA-2020-1750)
According to the version of the perl-File-Path package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: - Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers to set th...
PT-2020-14366 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1. Description: The issue concerns a hardcoded APP KEY located in the /opt/axess/etc/default/axess file. Recommendations: For versions 3.1.0 and 3.1.1, consider removing or modifying the...
GHSA-6R3C-8XF3-GGRR Directory traversal outside of SENDFILE_ROOT in django-sendfile2
django-sendfile2 currently relies on the backend to correctly limit file paths to SENDFILE_ROOT. This is not the case for the simple and development backends; it is also not necessarily the case for any of the other backends either (it's just an assumption that was made by the original author). This...