Lucene search
K

1324 matches found

Positive Technologies
Positive Technologies
added 2020/03/09 12:0 a.m.7 views

PT-2020-15350 · Jenkins · Jenkins Cobertura Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cobertura Plugin versions 1.15 and earlier Description: The issue allows attackers who can control the coverage report file contents to overwrite any file on the Jenkins master file system. This is due to an arbitrary file write...

8.5CVSS6.5AI score0.01593EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.4 views

The vulnerability of the Huawei PC Manager application, related to access control deficiencies, allows a perpetrator to execute arbitrary codes and write arbitrary files.

The vulnerability of the Huawei PC Manager application relates to deficiencies in access control. Exploiting this vulnerability could allow a hacker to execute arbitrary code and write arbitrary files...

7.8CVSS7.7AI score0.00865EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/02/12 12:0 a.m.3 views

Adobe Acrobat and Reader Elevation of Privilege Vulnerability (CNVD-2020-10134)

Adobe Acrobat is a PDF editing software developed by Adobe.Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an elevation of privilege vulnerability. An attacker can exploit the vulnerability to write to an arbitrary file system...

10CVSS7.2AI score0.03458EPSS
Exploits0References1
Veracode
Veracode
added 2020/01/31 8:14 a.m.22 views

Unsafe Identifiers

opencast-common is using unsafe identifier. The package allows the use of arbitrary identifiers for media packages and file systems, causing the identifier mismatch as an identifier may unintentionally be changed. When the identifiers are used for file system operations, an attacker can make use ...

7.7CVSS4.2AI score0.01168EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/01/29 12:0 a.m.3 views

The vulnerabilities of the xAPI microprogramming software components of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and the operating system Cisco RoomOS allow attackers to gain unauthorized access to protected information and write arbitrary files to the device’s file system.

The vulnerability of the xAPI microprogramming software components of Cisco TelePresence Collaboration Endpoint, Cisco TelePresence Codec, and the operating system Cisco RoomOS exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability can...

9CVSS7.5AI score0.08453EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2020/01/15 12:0 a.m.2 views

Bitbucket Server and Bitbucket Data Center Remote Code Execution Vulnerability (CNVD-2020-03926)

Atlassian Bitbucket Server and Atlassian Bitbucket Data Center are both products of Atlassian Australia.Atlassian Bitbucket Server is a Git code hosting solution. The solution manages and reviews code with features such as diff view, JIRA integration and build integration.Atlassian Bitbucket Data...

8.8CVSS8.4AI score0.01598EPSS
Exploits0References1
OSV
OSV
added 2019/12/03 8:15 p.m.4 views

CVE-2019-19459

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...

9.8CVSS7AI score0.03508EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2019/10/11 5:30 p.m.22 views

CVE-2019-10185

It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. Mitigation No kno...

8.6CVSS3AI score0.04022EPSS
Exploits0References2
Snyk
Snyk
added 2019/10/10 11:56 a.m.1 views

Directory Traversal

Overview iobroker.js-controller is a controller that is owning the central configuration of the ioBroker installation and controls and monitors all adapter processes for the current host. Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file content...

7.5CVSS7.7AI score0.02158EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2019/10/09 12:0 a.m.5 views

The vulnerability of the ColdFusion software platform, related to errors in restricting the path name of the restricted directory, allows a perpetrator to write any files into the device’s file system.

The vulnerability of the ColdFusion software platform is related to errors in restricting the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the device’s file system remotely...

7.8CVSS5.5AI score0.18858EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/09/13 12:0 a.m.3 views

PT-2019-17702 · Twitter · Bower

Name of the Vulnerable Software and Affected Versions: bower versions prior to 1.8.8 Description: The issue allows for a path traversal vulnerability, enabling file write in arbitrary locations via the install command. This occurs because bower does not verify that extracted symbolic links do not...

7.5CVSS7.6AI score0.02566EPSS
Exploits1References12
CNVD
CNVD
added 2019/09/12 12:0 a.m.4 views

Microsoft .NET Framework Privilege Vulnerability

Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A privilege extraction...

5.5CVSS7.1AI score0.01039EPSS
Exploits0References1
CNVD
CNVD
added 2019/09/09 12:0 a.m.3 views

Mozilla Firefox and Mozilla Firefox ESR Arbitrary Code Execution Vulnerability

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to Mozilla...

8.8CVSS9AI score0.01062EPSS
Exploits0References1
OSV
OSV
added 2019/08/23 9:53 p.m.3 views

GHSA-MR7P-25V2-35WR NLTK Vulnerable To Path Traversal

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...

8.7CVSS7.2AI score0.05831EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.5 views

PT-2019-3241 · Nltk +2 · Nltk Downloader +2

Name of the Vulnerable Software and Affected Versions: NLTK Downloader versions prior to 3.4.5 Description: The issue is related to a directory traversal vulnerability, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during...

9.8CVSS7.1AI score0.05831EPSS
Exploits3References46
BDU FSTEC
BDU FSTEC
added 2019/08/13 12:0 a.m.21 views

The vulnerability of the IcedTea-Web plugin, related to an incorrect limitation on the path name to the restricted access catalog, allows a hacker to write arbitrary files to the device’s file system.

The vulnerability of the IcedTea-Web plugin is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files to the device’s file system using a specially crafted file in formats: .tar, .jar, .war,...

8.6CVSS5.6AI score0.04022EPSS
Exploits0References6Affected Software5
CNVD
CNVD
added 2019/08/01 12:0 a.m.2 views

cPanel Input Validation Error Vulnerability (CNVD-2019-26371)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.2. The vulnerability stems from a web-based...

5.3CVSS6.8AI score0.00767EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/01 12:0 a.m.2 views

cPanel Input Validation Error Vulnerability (CNVD-2019-26370)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.2. The vulnerability stems from a web-based...

4.3CVSS6.8AI score0.00633EPSS
Exploits0References1
OSV
OSV
added 2019/07/31 2:15 a.m.3 views

DEBIAN-CVE-2019-14452

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in a ZIP archive entry that is mishandled during extraction...

7.5CVSS7.5AI score0.03694EPSS
Exploits0References1
OSV
OSV
added 2019/07/15 1:42 p.m.2 views

USN-4055-1 flightcrew vulnerabilities

Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. CVE-2019-13032 Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use thi...

7.8CVSS6.7AI score0.02026EPSS
Exploits1References4
Rows per page
Query Builder