
3230 matches found

RedhatCVE
added 2018/09/04 5:51 a.m. | 29 views

CVE-2018-10904

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, the attacker would require...

CVSS 8.8 | AI score 2.7 | EPSS 0.03024
Exploits: 0 | References: 2
CNVD
added 2018/08/25 12:0 a.m. | 3 views

niubicmsv background database restore at the existence of arbitrary file download vulnerability

niubicms is by the Nanjing Niukun Network Technology Co., Ltd. independent research and development of the novel website source code, news website source code, for PHP open source system. niubicmsv background database restore the existence of arbitrary file download vulnerability. The vulnerabili...

AI score 7
Exploits: 0
OpenVAS
added 2018/08/16 12:0 a.m. | 49 views

Microsoft Windows Firewall: Domain: Logging: Name

This setting specifies the path and name of the file in which Windows Firewall will write its log information.

AI score 7.3
Exploits: 0 | References: 6
VulnCheck KEV
added 2018/08/14 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2018-8414

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths...

CVSS 9.3 | AI score 8 | EPSS 0.73968
Exploits: 0 | References: 1
OSV
added 2018/08/10 3:29 p.m. | 3 views

CVE-2018-15186

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php...

CVSS 8.8 | AI score 5.8 | EPSS 0.00512
Exploits: 1 | References: 1
CNVD
added 2018/08/07 12:0 a.m. | 3 views

QCMS Cross-Site Scripting Vulnerability (CNVD-2019-10278)

QCMS is an open source content management system (CMS) for creating responsive websites. A cross-site scripting vulnerability exists in upload/System/Controller/backend/down.php in QCMS 3.0.1, which can be exploited by remote attackers to inject arbitrary web script or HTML...

CVSS 4.8 | AI score 4.9 | EPSS 0.00534
Exploits: 1 | References: 1
OSV
added 2018/08/06 9:29 p.m. | 2 views

UBUNTU-CVE-2017-16790

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...

CVSS 6.5 | AI score 6.8 | EPSS 0.01553
Exploits: 0 | References: 4
OSV
added 2018/08/06 9:29 p.m. | 2 views

DEBIAN-CVE-2017-16790

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...

CVSS 6.5 | AI score 9.2 | EPSS 0.01553
Exploits: 0 | References: 1
CNVD
added 2018/07/26 12:0 a.m. | 0 views

D-Link DAP-1360 File Path Traversal and Cross-Site Scripting Vulnerability

The D-Link DAP-1360 is a wireless router. A file path traversal and cross-site scripting vulnerability exists in the D-Link DAP-1360, which allows remote attackers to read passwords via incorrect parameters, leading to an absolute path traversal attack...

AI score 6.4
Exploits: 0 | References: 1
OSV
added 2018/07/23 8:40 p.m. | 11 views

GHSA-4VCM-QFXH-P6C3 Directory Traversal in getcityapi.yoehoehne

Affected versions of getcityapi.yoehoehne resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable syste...

CVSS 7.5 | AI score 7.4 | EPSS 0.02005
Exploits: 1 | References: 4
Github Security Blog
added 2018/07/18 9:20 p.m. | 18 views

Path Traversal in public

Versions of public before 0.1.3 are vulnerable to path traversal. This is due to a lack of file path sanitization, which could allow any file the parent process has access to on the server to be read by a malicious user. Recommendation: Update to version 0.1.3 or later...

CVSS 7.5 | AI score 3.4 | EPSS 0.02038
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2018/07/18 9:20 p.m. | 16 views

GHSA-RWV8-JVFF-JQ28 Path Traversal in public

Versions of public before 0.1.3 are vulnerable to path traversal. This is due to a lack of file path sanitization, which could allow any file the parent process has access to on the server to be read by a malicious user. Recommendation: Update to version 0.1.3 or later...

CVSS 7.5 | AI score 7.4 | EPSS 0.02038
Exploits: 1 | References: 5
seebug.org
added 2018/07/12 12:0 a.m. | 82 views

Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T

VENDOR DESCRIPTION “New ideas are the driving force behind our success WAGO is a family-owned company headquartered in Minden, Germany. Independently operating for three generations, WAGO is the global leader of spring pressure electrical interconnect and automation solutions. For more than 60...

EPSS 0.3014
Exploits: 8
UbuntuCve
added 2018/06/26 4:29 p.m. | 17 views

CVE-2018-1000532

beep version 1.3 and up contains an External Control of File Name or Path vulnerability in the --device option that can result in a local unprivileged user inhibiting execution of arbitrary programs by other users, allowing DoS. This attack appears to be exploitable via The system must allow local users...

CVSS 4.7 | AI score 6.5 | EPSS 0.0035
Exploits: 0 | References: 2
Veracode
added 2018/06/25 7:44 a.m. | 14 views

Arbitrary File Write

orientdb-core is vulnerable to arbitrary file writes. The application does not properly check on the file path during extraction, allowing arbitrary files to be written in other directories...

AI score 6.8
Exploits: 0
IBM Security Bulletins
added 2018/06/17 10:30 p.m. | 14 views

Security Bulletin: A security vulnerability has been identified in IBM Workload Deployer shipped with SmartCloud Orchestrator (CVE-2014-6158)

Summary IBM Workload Deployer is shipped as a component of IBM SmartCloud Orchestrator. Information about a security vulnerability affecting IBM Workload Deployer has been published in a security bulletin. Vulnerability Details Review security bulletin Security Bulletin: File path traversal...

CVSS 9 | AI score 2.3 | EPSS 0.03667
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/17 10:30 p.m. | 13 views

Security Bulletin: File path traversal vulnerabilities affect IBM Workload Deployer shipped with IBM SmartCloud Orchestrator (CVE-2014-6158)

Summary File path traversal vulnerabilities affect IBM Workload Deployer, which is shipped with IBM SmartCloud Orchestrator CVE-2014-6158. Vulnerability Details Consult the Security Bulletin: File path traversal vulnerabilities affect IBM Workload Deployer CVE-2014-6158 document for vulnerability...

CVSS 9 | AI score 2.9 | EPSS 0.03667
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:2 a.m. | 20 views

Security Bulletin: File path traversal vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) (CVE-2015-1884)

Summary: IBM Business Process Manager and WebSphere Lombardi Edition are vulnerable to file path traversal. Due to insufficient input parameter validation, files can be downloaded by authenticated attackers using specially crafted URLs. Vulnerability Details: CVEID: CVE-2015-1884 DESCRIPTION: IBM...

CVSS 4 | AI score 1.1 | EPSS 0.02892
Exploits: 0 | Affected Software: 4
IBM Security Bulletins
added 2018/06/15 7:2 a.m. | 14 views

Security Bulletin: File path traversal vulnerabilities affect IBM PureApplication System (CVE-2014-6158)

Summary File upload functionality within IBM PureApplication System might lead to server compromise and Denial of Service DoS. Vulnerability Details CVEID: CVE-2014-6158 DESCRIPTION: IBM PureApplication System’s file upload functions might lead to server compromise and DoS when authorized users...

CVSS 9 | AI score 0.8 | EPSS 0.03667
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:2 a.m. | 16 views

Security Bulletin: File path traversal vulnerability affecting IBM Business Process Manager Process Center (CVE-2014-6182)

Summary An export function in IBM Business Process Manager Process Center is vulnerable to file path traversal. As a result, sensitive files might be downloaded. Vulnerability Details CVE-ID: CVE-2014-6182 Description: IBM Business Process Manager could allow a remote attacker to traverse...

CVSS 4 | AI score 0.8 | EPSS 0.0209
Exploits: 0 | Affected Software: 3