768 matches found
CVE-2019-10667
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...
Information disclosure
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...
CVE-2019-10667
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...
DEBIAN-CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
Windows: Windows Font Cache Service Insecure Sections EoP. Platform: Windows 10 1809, not tested earlier. Class: Elevation of Privilege. Security Boundary per Windows Security Service Criteria: User boundary. Summary: The Windows Font Cache Service exposes section objects insecurely to low privileged...
The vulnerability of the COM object dfact.dll in the MasterSCADA software package allows a hacker to trigger an emergency termination of the program.
The vulnerability of the COM object dfact.dll in the image processing method of the SetImage classes BmpImager, GifImager, AviImager, JpgImager in the MasterSCADA software package arises due to the use of an insecure memory allocation function on the stack allocaprobe16. Exploiting this...
PT-2019-2636 · Jenkins · Jenkins Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 2.1.18 and earlier. Description: The issue allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path and obtain the...
Directory Traversal
pulp is vulnerable to directory traversal. A malicious user is able to write to arbitrary locations or overwrite published content on other iso feed repository caused by improper parsing of file paths...
The vulnerability of VMware Workstation’s virtualization platform lies in its security flaws related to the handling of executable file paths, allowing attackers to escalate their privileges.
The vulnerability of VMware Workstation’s virtualization platform is related to deficiencies in security mechanisms for processing pathnames of executable files. Exploiting this vulnerability can allow attackers to gain increased privileges...
Design/Logic Flaw
When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. An example would be modifying the parameter path= to go to the directory you would like to view, i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Metering
Summary: A Security Vulnerability affects IBM Cloud Private Metering. Vulnerability Details: CVEID: CVE-2018-10904. DESCRIPTION: glusterfs could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper validation of file paths in the trusted.io-stats-dump...
Arbitrary Code Execution
libglusterfs.so is vulnerable to arbitrary code execution attacks. The library does not properly sanitize file paths in the trusted.io-stats-dump attribute, allowing a malicious user to create arbitrary files or execute arbitrary code...
Object Injection Attack
phpmailer/phpmailer is vulnerable to object injection attacks. The vulnerability exists due to the lack of validation on file paths to ensure if it is a permitted type, allowing object injection attacks...
Microsoft SharePoint Enterprise Server Information Disclosure Vulnerability
Microsoft SharePoint Enterprise Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An...
Arbitrary Code Execution
libglusterfs.so is vulnerable to arbitrary code execution attacks. The library does not properly sanitize file paths in the trusted.io-stats-dump attribute, allowing a malicious user to create arbitrary files or execute arbitrary code...
CVE-2018-10904
It was found that the glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute, which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient...
CVE-2018-10904
It was found that the glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute, which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient...
Code injection
It was found that the glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute, which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient...
CVE-2018-10904
It was found that the glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute, which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient...
CVE-2018-10904
CVE-2018-10904 affects GlusterFS servers. The vulnerability arises from improper sanitization of file paths in the trusted.io-stats-dump extended attribute used by the debug/io-stats translator. An attacker with sufficient access to modify extended attributes on a Gluster volume can create files ...