233 matches found

CNVD
added 2020/08/11 12:0 a.m. | 2 views

Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46340)

Marvell QConvergeConsole QCC is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A security vulnerability in the decryptFile method of the FlashValidatorServiceImpl class i...

CVSS 10 | AI score 7.4 | EPSS 0.19374
Exploits 0 | References 1
CNVD
added 2020/06/10 12:0 a.m. | 9 views

Microsoft Windows Shell Remote Code Execution Vulnerability (CNVD-2021-27712)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Shell is a user-interactive interface based on the Windows platform that...

CVSS 9.3 | AI score 8.8 | EPSS 0.35266
Exploits 0 | References 1
OSV
added 2020/06/09 8:15 p.m. | 2 views

CVE-2020-1286

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'...

CVSS 8.8 | AI score 8 | EPSS 0.35266
Exploits 0 | References 1
Check Point Advisories
added 2020/02/23 12:0 a.m. | 5 views

Atlassian Confluence Server Information Disclosure (CVE-2019-3394)

A local file inclusion vulnerability exists in Atlassian Confluence Server. This vulnerability is due to improper validation of file path. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to...

CVSS 4 | AI score 7.6 | EPSS 0.75773
Exploits 1
CNVD
added 2019/12/17 12:0 a.m. | 1 view

D-Link DIR-615 Elevation of Privilege Vulnerability

The D-Link DIR-615 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR-615 suffers from an elevation of privilege vulnerability that stems from the program's failure to perform complete validation of file paths and error detection. An attacker can exploit the elevation of...

AI score 7.3
Exploits 0 | References 1
Prion
added 2019/07/04 8:15 p.m. | 11 views

Input validation

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS 9 | AI score 7.2 | EPSS 0.00912
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/07/04 7:55 p.m. | 12 views

CVE-2019-1889 Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS 7.2 | AI score 7.2 | EPSS 0.00912
Exploits 0 | References 1
Veracode
added 2018/12/03 5:42 a.m. | 12 views

Directory Traversal

AWSSDKCPP-Core is vulnerable to directory traversal. Lack of validation in the file path allows for remote attackers to inject ../ characters to create or retrieve arbitrary files and folders within the file system...

AI score 6.9
Exploits 0
VulnCheck KEV
added 2018/08/14 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2018-8414

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths...

CVSS 9.3 | AI score 8 | EPSS 0.892
Exploits 0 | References 1
NVD
added 2018/02/28 3:29 p.m. | 17 views

CVE-2017-9447

In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...

CVSS 7.5 | AI score 7.6 | EPSS 0.00694
Exploits 5 | References 2
Check Point Advisories
added 2016/06/15 12:0 a.m. | 2 views

Apache OpenMeetings ZIP File Path Traversal (CVE-2016-0784)

A directory traversal vulnerability exists in Apache OpenMeetings in the Import/Export System Backups functionality. The vulnerability is due to missing file path validation on user-uploaded ZIP archives. Successful exploitation allows the attacker to execute arbitrary code under the security...

CVSS 4 | AI score 5.5 | EPSS 0.06065
Exploits 2
Packet Storm
added 2016/05/03 12:0 a.m. | 36 views

OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation

=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability ------------------------------------------------------------------------ Affected Versions ================= Community Edition 4.9.7 Issue Overview ============== Vulnerability Type:...

AI score 0.6
Exploits 0
seebug.org
added 2014/06/24 12:0 a.m. | 20 views

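DouPHP Lightweight Enterprise Website Building System: Arbitrary File Deletion Flaw in the Admin Backend

Brief description: The path of the file to be deleted is not validated at one point, which allows arbitrary files to be deleted. Tested successfully on the official demo site. Detailed description: Vulnerable file: /admin/backup.php, line 161 / +---------------------------------------------------------- Backup deletion +---------------------------------------------------------- / if $REQUEST'rec' == 'del' $sqlfilename = $GET'sqlfilename'; if $POST'confirm' if...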

AI score 7.1
Exploits 0