Lucene search
K

6886 matches found

OSV
OSV
added 2019/01/14 12:0 a.m.1 views

UBUNTU-CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...

5.9CVSS7AI score0.58204EPSS
Exploits9References6
Veracode
Veracode
added 2019/01/09 2:58 a.m.8 views

Arbitrary File Overwrite

Aspose.ZIP is vulnerable to arbitrary file overwrite attacks. The vulnerability exists through a path traversal vulnerability, which allows arbitrary file overwrite in the context of the running application...

6.7AI score
Exploits0
ArchLinux
ArchLinux
added 2019/01/08 12:0 a.m.31 views

[ASA-201901-4] systemd: multiple issues

Arch Linux Security Advisory ASA-201901-4 ========================================= Severity: Medium Date : 2019-01-08 CVE-ID : CVE-2018-6954 CVE-2018-16866 Package : systemd Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-615 Summary ======= The package systemd befor...

7.8CVSS0.4AI score0.01051EPSS
Exploits3References9
exploitpack
exploitpack
added 2019/01/02 12:0 a.m.15 views

Microsoft Windows - Windows Error Reporting Local Privilege Escalation

Microsoft Windows - Windows Error Reporting Local Privilege Escalation Make sure to copy the file report.wer found in the folder PoC-Files in the same folder as the executable before running it... I guess I could have included it as a resource in the exe.. but whatever. Example:...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2019/01/02 12:0 a.m.30 views

Microsoft Windows - Windows Error Reporting Local Privilege Escalation

Make sure to copy the file report.wer found in the folder PoC-Files in the same folder as the executable before running it... I guess I could have included it as a resource in the exe.. but whatever. Example: "angrypolarbearbug.exe c:\windows\system32\drivers\pci.sys" This will overwrite pci.sys...

7.4AI score
Exploits0
NVD
NVD
added 2018/12/24 3:29 a.m.24 views

CVE-2018-20420

In webERP 4.15, ZCreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter...

5.5CVSS5.2AI score0.00962EPSS
Exploits1References1
CVE
CVE
added 2018/12/24 3:0 a.m.45 views

CVE-2018-20420

In webERP 4.15, the vulnerability CVE-2018-20420 stems from Z_CreateCompanyTemplateFile.php having Incorrect Access Control, enabling an attacker to overwrite an existing .sql file on the target site. This is achieved by creating a template and then using directory traversal in the TemplateName p...

5.5CVSS5.1AI score0.00962EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/12/10 12:0 a.m.8 views

OnionShare File Overwrite and Information Disclosure Vulnerability

OnionShare is an open source file encryption transfer or sharing software developed by Brazilian software developer Micah Lee. A file overwrite and information disclosure vulnerability exists in the 'debugmode' function of the web/web.py file in OnionShare 1.3.1 and earlier versions, which can be...

7CVSS5.9AI score0.00314EPSS
Exploits0References1
Prion
Prion
added 2018/12/07 4:29 p.m.15 views

Design/Logic Flaw

The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...

4.4CVSS6.5AI score0.00314EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/12/07 4:29 p.m.3 views

DEBIAN-CVE-2018-19960

The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...

7CVSS6.5AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 2018/12/07 4:0 p.m.206 views

CVE-2018-19960

OnionShare up to version 1.3.1 is affected by CVE-2018-19960: its debug_mode path /tmp/onionshare_server.log for logging can allow a local attacker to overwrite files or access sensitive information. Root cause: debug logging uses a fixed pathname, enabling local path traversal/overwrite scenario...

7CVSS6.5AI score0.00314EPSS
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2018/12/06 12:0 a.m.4 views

HPE Moonshot Provisioning Manager Appliance Directory Traversal (CVE-2017-8977)

A directory traversal vulnerability exists in HPE Moonshot Provisioning Manager Appliance. The vulnerability is due to missing input validation in the serverresponse.py script. Successful exploitation could result in arbitrary file overwrite with privileges of web application process...

8.5CVSS3.4AI score0.04198EPSS
Exploits0
Packet Storm
Packet Storm
added 2018/12/05 12:0 a.m.57 views

Xorg X11 Server (AIX) Local Privilege Escalation

Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Fileset: X11.base.rte 7.1.5.32 Tested on: AIX 7.1 6.x t...

0.7AI score0.2704EPSS
Exploits39
Tenable Nessus
Tenable Nessus
added 2018/12/04 12:0 a.m.33 views

RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1853)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1853 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service PaaS solution designed for on-premise or private cloud...

7.5CVSS7.8AI score0.04707EPSS
Exploits1References12
Exploit DB
Exploit DB
added 2018/12/04 12:0 a.m.94 views

Xorg X11 Server (AIX) - Local Privilege Escalation

Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Fileset: X11.base.rte 7.1.5.32 Tested on: AIX 7.1 6.x t...

7.2CVSS7.2AI score0.2704EPSS
Exploits39
CVE
CVE
added 2018/11/20 7:0 p.m.48 views

CVE-2018-18565

CVE-2018-18565 is an Improper Access Control (CWE-284) vulnerability in Roche Diagnostics handheld medical devices (Accu-Chek Inform II Instrument and related models) where attackers in the adjacent network can change instrument configuration. Affected products include Accu-Chek Inform II Instrum...

6.8CVSS6.5AI score0.00475EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2018/11/18 12:0 a.m.271 views

XMPlay 3.8.3 Denial Of Service

Exploit Title: XMPlay 3.8.3 - '.m3u' Denial of Service PoC Date: 2018-11-18 Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows XP/7/8 CVE : N/A Lauch XMPlay and either drag...

0.1AI score
Exploits0
CNVD
CNVD
added 2018/11/16 12:0 a.m.2 views

SAP Disclosure Management Arbitrary File Overwrite Vulnerability

SAP Disclosure Management is an automated financial disclosure management system. The system provides a collaborative financial disclosure process across teams, geographies, systems and data sources. An arbitrary file overwrite vulnerability exists in SAP Disclosure Management, which could be...

8.3CVSS7.3AI score0.01519EPSS
Exploits0References1
OSV
OSV
added 2018/11/09 1:29 a.m.1 views

CVE-2018-1799

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429...

5.5CVSS5.8AI score0.00428EPSS
Exploits0References4
NVD
NVD
added 2018/11/09 1:29 a.m.16 views

CVE-2018-1799

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429...

6.2CVSS6.1AI score0.00428EPSS
Exploits0References4
Rows per page
Query Builder