126 matches found
Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_ReportFileOperation Directory Traversal Denial-of-Service Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within t...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper...
Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within t...
Remote code execution
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker-provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately...
CVE-2022-41657
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker-provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately...
PT-2022-26009 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 00.00.01a and prior. Description: The issue allows an attacker to use provided data already serialized into memory for file operations through application programmable interfaces (APIs). This...
CVE-2022-43748
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors...
CVE-2022-1943
A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially...
The vulnerability of the SSH control function for Cisco Access Points (APs) allows a hacker to elevate their privileges to the root level.
The vulnerability of the SSH control function for Cisco Access Points (APs) is related to improper checking of file operations in the SSH control interface. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
Dell Vnx2 Oe For File Operating System Command Injection Vulnerability
Dell Vnx2 Oe For File is an operating environment from Dell USA. A remote code execution vulnerability exists in Dell Vnx2 Oe For File version 8.1.21.266 and earlier. An attacker could exploit this vulnerability to execute commands on the system...
CVE-2021-37173
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.14.1, RUGGEDCOM ROX RX1400 All versions V2.14.1, RUGGEDCOM ROX RX1500 All versions V2.14.1, RUGGEDCOM ROX RX1501 All versions V2.14.1, RUGGEDCOM ROX RX1510 All versions V2.14.1, RUGGEDCOM ROX RX1511 All versions V2.14.1,...
PowerShell-Suite
This repository is an offensive tool for Windows UAC (User Account Control) bypass. It provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. The tool is written in C and uses the .NET framework. The tool supports several methods for UAC bypass,...
Path traversal in rollup-plugin-serve
Path traversal in npm package rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
(0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Hewlett Packard Enterprise Moonshot Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the khuploadfile.cgi binary. The issue results...
CVE-2020-27859
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of...
November 10, 2020—KB4586817 (Security-only update)
November 10, 2020—KB4586817 Security-only update IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. NEW 11/10/20 For more information about the various types of Windows updates, such as critical, security,...