The vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) stems from improper restriction of a pathname to a restricted directory, allowing an attacker to overwrite arbitrary files in the operating system of the vulnerable device.
The vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) stems from improper restriction of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to remotely overwrite any files in the operating system of the vulnerable device...
Microsoft OneDrive for Windows Elevation of Privilege Vulnerability (CNVD-2020-54060)
OneDrive is a file hosting service and synchronization service introduced by Microsoft as part of the Web version of Office. An elevation of privilege vulnerability exists in OneDrive for Windows. The vulnerability stems from the OneDrive for Windows desktop application not properly handling...
Microsoft OneDrive for Windows Elevation of Privilege Vulnerability (CNVD-2020-54062)
OneDrive is a file hosting service and synchronization service introduced by Microsoft as part of the Web version of Office. An elevation of privilege vulnerability exists in OneDrive for Windows. The vulnerability stems from the OneDrive for Windows desktop application not properly handling...
Microsoft OneDrive Multiple Vulnerabilities (Sep 2020)
This host is missing an important security update according to Microsoft Security Updates for the month of September...
OneDrive for Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...
PT-2020-4019 · Microsoft · Onedrive For Windows Desktop
Name of the Vulnerable Software and Affected Versions: OneDrive for Windows Desktop (affected versions not specified). Description: The issue arises from the improper handling of symbolic links by the OneDrive for Windows Desktop application, leading to a potential elevation of privilege. An attacke...
PT-2020-4024 · Microsoft · Onedrive For Windows
Name of the Vulnerable Software and Affected Versions: OneDrive for Windows (affected versions not specified). Description: The issue is related to the improper handling of symbolic links by the OneDrive for Windows Desktop application. This could allow an attacker to overwrite a targeted file with ...
CVE-2019-20916
A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the "Content-Disposition" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an...
PYSEC-2020-192
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...
CVE-2019-20916
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...
CVE-2020-3478
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...
CVE-2020-3478 Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...
CVE-2020-3478 Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...
CVE-2020-3478
CVE-2020-3478 affects Cisco Enterprise NFV Infrastructure Software (NFVIS). The REST API vulnerability arises from insufficient authorization enforcement, allowing an authenticated remote attacker to upload a file via the REST API and overwrite restricted files, potentially degrading system funct...
Reload vulnerability in ZZCMS in***.php page
ZZCMS is a free website builder developed in ASP. A reinstallation vulnerability exists in the ZZCMS in.php page. An attacker can exploit the vulnerability to overwrite previous files, resulting in a system reinstallation...
Arbitrary File Overwrite
decompress-zip is vulnerable to arbitrary file overwrite. The vulnerability exists because it does not verify that extracted files stay within the extraction root directory...
Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A file overwrite vulnerability exists in Cisco Enterprise NFV Infrastructure...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity and...
Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device. The vulnerability is due to insufficient authorization enforcement on an affected system...
Oracle Linux 8 : nodejs:10 (ELSA-2020-0579)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0579 advisory. - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 Tenable has extracted the precedi...