970 matches found
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service. The vulnerability exists because the amount of image data in a file is not properly validated...
Design/Logic Flaw
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it...
UBUNTU-CVE-2020-25266
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it...
Code injection
The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denia...
Input validation
The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...
The Return of Raining SYSTEM Shells with Citrix Workspace app
TL;DR Back in July I documented a new Citrix Workspace vulnerability that allowed attackers to remotely execute arbitrary commands under the SYSTEM account. Well after some further investigation on the initial fix I discovered a new vector that quite frankly should not exist at all since the...
Design/Logic Flaw
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...
CVE-2020-15645
CVE-2020-15645 affects Marvell QConvergeConsole 5.5.0.64. The root cause is in the getFileFromURL method of the GWTTestServiceImpl class, which lacks proper validation of a user-supplied path before file operations. This leads to remote code execution with SYSTEM privileges. Authentication is req...
CVE-2020-3381 Cisco SD-WAN vManage Software Directory Traversal Vulnerability
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation o...
VulnCheck KEV: CVE-2020-36705
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
OpenClinic GA File Upload Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. A file upload vulnerability exists in OpenClinic GA version 5.09.02 and 5.89.05b, which stems from the program faili...
CVE-2020-3342 Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability
A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by...
Advantech WebAccess/NMS extProgramAction Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the extProgramAction.action endpoint. When parsing th...
CVE-2020-8865
This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...
Microsoft Office 2007 and 2010 RTF frmtxtbrl EIP corruption
The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verifier was enabled for testing and reproduction. This sample also reproduced in Office 2010 running on Windows 7 x86. It did not reproduce in...
CVE-2020-0697
CVE-2020-0697 is a Microsoft Office elevation-of-privilege flaw affecting the OLicenseHeartbeat task. An authenticated attacker could place a specially crafted file in a specific location to run the task with SYSTEM privileges, enabling arbitrary file corruption. The vulnerability is addressed by...
Microsoft Office Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a...
Cisco FXOS Software Secure Configuration Bypass (cisco-sa-20190515-nxos-conf-bypass)
According to its self-reported version, Cisco FXOS Software is affected by a configuration bypass vulnerability due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An authenticated, local attacker can exploit this, by...
CVE-2019-14866
CVE-2019-14866 affects GNU cpio: all versions before 2.13 improperly validate input when generating TAR archives, enabling a local attacker to cause files with unintended permissions or paths when creating archives. Exploitation relies on archiving from paths, potentially enabling high-privilege ...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...