Lucene search
K

779 matches found

Tenable Nessus
Tenable Nessus
added 2020/06/17 12:0 a.m.28 views

GLSA-202006-14 : PEAR Archive_Tar: Remote code execution vulnerability

The remote host is affected by the vulnerability described in GLSA-202006-14 PEAR ArchiveTar: Remote code execution vulnerability An issue was discovered in the PEAR module ArchiveTars handling of file paths within Tar achives. Impact : A local or remote attacker could possibly execute arbitrary...

8.8CVSS8.7AI score0.18286EPSS
Exploits5References2
Microsoft CVE
Microsoft CVE
added 2020/06/09 7:0 a.m.34 views

Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on as an administrator, an attacker could...

9.3CVSS2.6AI score0.1178EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2020/06/02 12:0 a.m.8 views

June 2, 2020, update for Office 2016 (KB4484335)

June 2, 2020, update for Office 2016 KB4484335 This article describes update 4484335 for Microsoft Office 2016 that was released on June 2, 2020.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2020/05/24 6:37 p.m.14 views

ownCloud: File System Monitoring Queue Overflow

in the source code "owncloud/client" in the file "src/gui/folderwatcherlinux.cpp" in the function "void FolderWatcherPrivate :: inotifyRegisterPath const QString & path" by calling "inotifyaddwatch" the file paths are set for monitoring cpp int wd = inotifyaddwatchfd, path.toUtf8.constData,...

0.9AI score
Exploits0
NVD
NVD
added 2020/05/21 11:15 p.m.15 views

CVE-2020-1081

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

7.8CVSS8.6AI score0.00821EPSS
Exploits0References1
Prion
Prion
added 2020/05/21 11:15 p.m.20 views

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

7.2CVSS8.1AI score0.00821EPSS
Exploits0References1Affected Software5
Cvelist
Cvelist
added 2020/05/21 10:53 p.m.15 views

CVE-2020-1081

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

8.6AI score0.00821EPSS
Exploits0References1
Metasploit
Metasploit
added 2020/05/18 9:9 p.m.44 views

GOG GalaxyClientService Privilege Escalation

This module will send arbitrary filepaths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8CVSS1.2AI score0.03778EPSS
Exploits5
Microsoft CVE
Microsoft CVE
added 2020/05/12 7:0 a.m.19 views

Windows Printer Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. To exploit this...

7.8CVSS5.9AI score0.00821EPSS
Exploits0
OSV
OSV
added 2020/04/17 7:15 p.m.19 views

CVE-2020-11883

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...

5.3CVSS6.7AI score
Exploits0References2
Cvelist
Cvelist
added 2020/04/17 6:39 p.m.37 views

CVE-2020-11883

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...

5.2AI score0.1515EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2020/04/16 12:0 a.m.139 views

Microsoft Windows Unquoted Service Path Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Windows Unquoted Service Path Privilege Escalation', 'Description' = %q This module exploits a logic flaw due to h...

0.9AI score
Exploits0
CNVD
CNVD
added 2020/04/13 12:0 a.m.3 views

Samsung Mobile Device Path Traversal Vulnerability

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A path traversal vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to modify the client-server data flow in order to insert a...

5.8CVSS6.8AI score0.0034EPSS
Exploits0References1
OSV
OSV
added 2020/04/07 4:15 p.m.2 views

CVE-2017-18687

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 January 2017...

5.3CVSS5.8AI score0.0034EPSS
Exploits0References1
OSV
OSV
added 2020/04/06 10:15 p.m.5 views

CVE-2020-11594

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path...

7.5CVSS7.1AI score0.01209EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/30 12:0 a.m.1 views

Ansible path traversal vulnerability (CNVD-2020-20686)

Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage and organize computer systems. A path traversal vulnerability exists in Ansible. The vulnerability stems from a failure of a networked system or product to properly...

5.2CVSS8.7AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/03/28 8:0 p.m.53 views

CVE-2019-11044

A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths...

7.5CVSS1.7AI score0.05363EPSS
Exploits4References3
Cvelist
Cvelist
added 2020/02/13 8:11 p.m.15 views

CVE-2015-6589

Directory traversal vulnerability in Kaseya Virtual System Administrator VSA 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file...

9AI score0.13577EPSS
Exploits7References4
NVD
NVD
added 2019/12/23 3:15 a.m.24 views

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

5.9CVSS6.8AI score0.08818EPSS
Exploits1References13
NVD
NVD
added 2019/12/10 10:15 p.m.13 views

CVE-2019-1477

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

7.8CVSS7.7AI score0.01004EPSS
Exploits0References1
Rows per page
Query Builder