CVE-2019-11526

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations...

Path traversal

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations...

CVE-2019-11526

Softing uaGate SI 1.60.01 contains a privilege-elevation issue in its maintenance script that runs via sudo. The maintenance script is vulnerable to file path injection, allowing an attacker to write files with superuser privileges in specific locations. This CVE (CVE-2019-11526) is documented ac...

CVE-2019-11526

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write files with superuser privileges in specific locations...

Regular Expression Denial Of Service (ReDoS)

mimer is vulnerable to regular expression denial of service ReDoS. The function extGetter uses an incorrect regular expression to split file path input from the user, causing an application crash via intensive CPU and memory consumption when parsing malicious file path...

The vulnerability of the add_job function (scheduler/ipp.c) in the CUPS printing server allows a attacker to compromise data integrity.

The vulnerability of the addjob function in the scheduler/ipp.c file of the CUPS print server is related to insufficient validation of input data when D-Bus support is enabled. Exploiting this vulnerability could allow a malicious actor to compromise data integrity...

PT-2019-6427 · Ruijie · Ruijie Eg-2000 Series Gateway

Name of the Vulnerable Software and Affected Versions: Ruijie EG-2000 series gateway versions 11.11B1 Description: The issue affects the Ruijie EG-2000 series gateway, where an attacker can easily dump cleartext stored passwords in /data/config.text using simple XORs. This allows a remote attacke...

Microsoft Windows Winlogon Privilege Mobilization Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Microsoft Windows Server is a server operating system. Winlogon is one of the components...

CVE-2019-1268

An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'...

Privilege escalation

An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'...

Local File Inclusion

librenms/librenms is vulnerable to local file inclusion. The usage of mysqlrealescapestring in pdf.php to sanitize file paths is insecure. Due to the usage of include that takes in untrusted user-supplied data to include scripts, a remote attacker could potentially include arbitrary scripts to be...

Security Bulletin: IBM Maximo Asset Management is vulnerable to File Path Traversal (CVE-2019-4430)

Summary IBM Maximo Asset Management is vulnerable to File Path Traversal Vulnerability Details CVEID: CVE-2019-4430 DESCRIPTION: IBM Maximo Asset Management could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot...

Mozilla: Same-origin policy treats all files in a directory as having the same-origin

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

Eventum Cross-Site Scripting Vulnerability (CNVD-2019-39386)

Eventum is a defect tracking system. The system is used to track inbound technical support, organizational tasks, bugs, etc. A cross-site scripting vulnerability exists in the /htdocs/validate.php file in Eventum version 3.5.0. The vulnerability stems from a lack of proper validation of client-si...

CVE-2019-5221

There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected...

Path traversal

There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected...

The vulnerability of the Akord-Win64 information protection tool, related to access control deficiencies, allows a intruder to gain access to confidential data.

The vulnerability of the information protection tool against unauthorized access, Akord-Win64, is related to deficiencies in access control for files when a specific file path is explicitly specified. Exploiting this vulnerability could allow an intruder, operating locally, to gain access to...

The vulnerability of the information protection system against unauthorized access is caused by an operation that goes beyond the buffer boundaries in memory, allowing a intruder to trigger a service failure.

The vulnerability of the information protection system against unauthorized access is due to an operation going beyond the buffer in memory file handling is not performed; the full path length exceeds 260 characters. Exploiting this vulnerability can allow a local attacker to cause a service...

Input validation

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVE-2019-1889 Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...