7184 matches found

NVD
added 2021/10/04 9:15 p.m. | 10 views

CVE-2020-21431

HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...

CVSS 6.5 | EPSS 0.0091
Exploits 1 | References 1
CVE
added 2021/10/04 8:20 p.m. | 43 views

CVE-2020-21431

HongCMS v3.0 contains an access control error vulnerability in the /admin/index.php/template/edit page, leading to arbitrary file reads and writes. The issue stems from missing/incorrect permission checks on that endpoint, enabling an attacker to read or write arbitrary files. Public references c...

CVSS 6.5 | AI score 6.4 | EPSS 0.0091
Exploits 1 | References 1 | Affected Software 1
Ubuntu
added 2021/10/04 5:25 p.m. | 114 views

USN-5102-1: Mercurial vulnerabilities

It was discovered that Mercurial mishandled symlinks in subrepositories. An attacker could use this issue to write arbitrary files to the target’s filesystem. (CVE-2019-3902) It was discovered that Mercurial incorrectly handled certain manifest files. An attacker could use this issue to cause a...

CVSS 9.1 | AI score 6.9 | EPSS 0.02033
Exploits 0
OSV
added 2021/10/04 6:15 a.m. | 18 views

CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 7.5 | AI score 7.6
Exploits 0 | References 2
NVD
added 2021/10/04 6:15 a.m. | 27 views

CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 7.5 | EPSS 0.68635
Exploits 0 | References 2
UbuntuCve
added 2021/10/04 6:15 a.m. | 24 views

CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 7.5 | AI score 7.2 | EPSS 0.68635
Exploits 0 | References 4
Prion
added 2021/10/04 6:15 a.m. | 21 views

Design/Logic Flaw

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 5 | AI score 7.6 | EPSS 0.68635
Exploits 0 | References 2 | Affected Software 1
PyPA
added 2021/10/04 6:15 a.m. | 3 views

PYSEC-2021-374

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 7.5 | AI score 7.2 | EPSS 0.68635
Exploits 0 | References 3 | Affected Software 1
OSV
added 2021/10/04 6:15 a.m. | 0 views

UBUNTU-CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 7.5 | AI score 7.3 | EPSS 0.68635
Exploits 0 | References 5
OSV
added 2021/10/04 6:15 a.m. | 25 views

PYSEC-2021-374

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

CVSS 7.5 | AI score 4.3 | EPSS 0.68635
Exploits 0 | References 3
CVE
added 2021/10/04 5:39 a.m. | 114 views

CVE-2021-40324

CVE-2021-40324 affects Cobbler prior to 3.3.0, where an input-filtering deficiency in upload_log_data enables arbitrary file write operations. Public sources (Ubuntu USN-6475-1, openSUSE/SUSE advisories) describe remote code execution/read/write via the Cobbler XML-RPC interface tied to these CVE...

CVSS 7.5 | AI score 8.5 | EPSS 0.68635
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/10/04 5:39 a.m. | 35 views

CVE-2021-40324

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data...

AI score 8.8 | EPSS 0.68635
Exploits 0 | References 2
CNNVD
added 2021/10/04 12:00 a.m. | 3 views

HongCMS Access Control Error Vulnerability

HongCMS is an open source lightweight content management system (CMS). An access control error vulnerability exists in HongCMS, which stems from the product's failure to add valid permission controls to the /admin/index.php/template/edit page. An attacker could cause arbitrary file reads and writes...

CVSS 6.5 | AI score 5.8 | EPSS 0.0091
Exploits 1 | References 2
CNNVD
added 2021/10/04 12:00 a.m. | 4 views

LCDS LAquis SCADA Path Traversal Vulnerability

LCDS LAquis SCADA is a SCADA (Supervisory Control and Data Acquisition) system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment that has communication technology. LCDS LAquis SCADA has a security vulnerability that allows an attacker t...

CVSS 7.8 | AI score 8 | EPSS 0.01232
Exploits 1 | References 2
CNNVD
added 2021/10/04 12:00 a.m. | 3 views

Cobbler Code Issue Vulnerability

Cobbler is a network installation server suite, mainly used to quickly set up Linux network installation environments. Cobbler versions prior to 3.3.0 contain an arbitrary file write vulnerability, which originates from the system not effectively filtering user...

CVSS 7.5 | AI score 5.8 | EPSS 0.68635
Exploits 0 | References 4
CNNVD
added 2021/10/04 12:00 a.m. | 3 views

MyScada MyDesigner Path Traversal Vulnerability

MyScada MyDesigner is a rapid development platform for creating visualizations from the Czech company MyScada. mySCADA myDESIGNER version 8.20.0 and below has a security vulnerability that could be exploited by attackers to trick victims into importing a malicious mep file, then they could write...

CVSS 7.8 | AI score 6.1 | EPSS 0.10445
Exploits 0 | References 2
NVD
added 2021/09/30 11:15 a.m. | 31 views

CVE-2021-41290

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device...

CVSS 10 | EPSS 0.02248
Exploits 1 | References 1
Prion
added 2021/09/30 11:15 a.m. | 15 views

Path traversal

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device...

CVSS 10 | AI score 10 | EPSS 0.02248
Exploits 1 | References 1
Cvelist
added 2021/09/30 10:40 a.m. | 38 views

CVE-2021-41290 ECOA BAS controller - Path Traversal-1

ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected device...

CVSS 9.8 | AI score 10 | EPSS 0.02248
Exploits 1 | References 1
CVE
added 2021/09/30 10:40 a.m. | 67 views

CVE-2021-41290

The CVE-2021-41290 entry relates to ECOA BAS controller products (e.g., ECOA ECS Router Controller - ECS (FLASH); ECOA RiskBuster Terminator - E6L45; RB 3.0.0; TRANE 1.0; plus related ECOA software) and describes an arbitrary file write/path traversal vulnerability. Attackers can use POST paramet...

CVSS 10 | AI score 10 | EPSS 0.02248
Exploits 1 | References 1 | Affected Software 1