CVE-2020-7664

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

CVE-2020-7668

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

CVE-2020-14946

downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath...

CVE-2020-3263 Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution Vulnerability

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by...

CVE-2020-7664

The CVE-2020-7664 issue affects the Go package github.com/unknwon/cae/zip, specifically the ExtractTo function. The vulnerability arises because ExtractTo does not securely escape file paths in zip archives that contain leading or non-leading “..”, enabling path traversal that could allow an atta...

VulnCheck KEV: CVE-2019-7194

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...

Microsoft Windows Shell Remote Code Execution Vulnerability (CNVD-2021-27712)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Windows Shell is a user-interactive interface based on the Windows platform that...

CVE-2020-1286

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'...

Huawei OSD Elevation of Privilege Vulnerability

Huawei ODS is an object-based storage device from Huawei, China. An elevation of privilege vulnerability exists in Huawei OSD OSDuwp9.0.32.0 and earlier versions, which can be exploited by a local attacker to elevate privileges by constructing a specific file path...

CVE-2020-12649

Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths...

pcp: Local privilege escalation in pcp spec file %post section

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...

CVE-2020-9072

Huawei OSD product with versions earlier than OSDuwp9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...

CVE-2020-9072

Huawei OSD product with versions earlier than OSDuwp9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...

CVE-2020-9072

Huawei OSD product with versions earlier than OSDuwp9.0.32.0 have a local privilege escalation vulnerability. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege...

Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zen Load Balancer Directory Traversal", 'Description' = %q This module exploits a authenticated directory traversal vulnerability in Zen Load...

CVE-2020-11819

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution...

Denial Of Service (DoS)

Perl is vulnerable to Denial Of Service DoS.Due to race conditions occured in the way the File::Path module's rmtree function removed directory trees, a malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permission...

Denial Of Service (DoS)

Perl is vulnerable to Denial Of Service DoS. Due to race conditions occured in the way the File::Path module's rmtree function removed directory trees, a malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissio...

CVE-2017-18687

Technical details (affected product/version, root cause, impact, or fixes) are not publicly provided in the connected documents. Monitor for updates; current sources summarize the issue but do not offer actionable specifics.

ICU: Integer overflow in UnicodeString::doAppend()

An issue was discovered in International Components for Unicode ICU for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend function in common/unistr.cpp...