970 matches found

NVD
added 2019/11/21 11:15 p.m. | 10 views

CVE-2019-18888

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command...

CVSS 7.5 | AI score 7.7 | EPSS 0.02248
Exploits: 0 | References: 6

Debian CVE
added 2019/10/29 9:1 p.m. | 13 views

CVE-2010-2061

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started...

CVSS 7.8 | AI score 7.7 | EPSS 0.0042
Exploits: 0

NVD
added 2019/09/25 9:15 p.m. | 20 views

CVE-2019-12672

A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validatio...

CVSS 7.2 | AI score 6.5 | EPSS 0.00596
Exploits: 0 | References: 1

CNVD
added 2019/08/21 12:0 a.m. | 3 views

Intel Driver & Support Assistant Elevation of Privilege Vulnerability

Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation USA. This tool is mainly used to get the latest applications provided by Intel. A security vulnerability exists in Intel Driver & Support Assistant versions prior to 19.7.30.2, which stems from...

CVSS 7.8 | AI score 6.8 | EPSS 0.00349
Exploits: 0 | References: 1

NVD
added 2019/08/07 10:15 p.m. | 25 views

CVE-2019-1924

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...

CVSS 9.3 | AI score 7.9 | EPSS 0.01465
Exploits: 0 | References: 1

NVD
added 2019/08/07 10:15 p.m. | 23 views

CVE-2019-1927

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...

CVSS 9.3 | AI score 7.9 | EPSS 0.01465
Exploits: 0 | References: 1

Prion
added 2019/08/07 10:15 p.m. | 16 views

Format string

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...

CVSS 9.3 | AI score 7.8 | EPSS 0.01508
Exploits: 0 | References: 1 | Affected Software: 3

Vulnrichment
added 2019/08/07 9:10 p.m. | 8 views

CVE-2019-1925 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...

CVSS 7.8 | AI score 7.6 | EPSS 0.01452
Exploits: 0 | References: 1

CVE
added 2019/08/07 9:10 p.m. | 74 views

CVE-2019-1925

Cisco Webex Network Recording Player and Webex Player for Windows are affected by multiple issues caused by improper validation of ARF/WRF files, enabling arbitrary code execution when a user opens a crafted ARF/WRF file delivered via link or email attachment. The vulnerabilities stem from memory...

CVSS 9.3 | AI score 7.9 | EPSS 0.01452
Exploits: 0 | References: 1 | Affected Software: 3

NVD
added 2019/07/22 5:15 p.m. | 10 views

CVE-2019-12326

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands) within the file and trigger code execution...

CVSS 10 | AI score 7.9 | EPSS 0.02985
Exploits: 1 | References: 1

Cvelist
added 2019/07/22 4:5 p.m. | 10 views

CVE-2019-12326

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands) within the file and trigger code execution...

CVSS 7.2 | AI score 9.7 | EPSS 0.02985
Exploits: 1 | References: 1

Prion
added 2019/07/19 3:15 p.m. | 12 views

Design/Logic Flaw

Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File...

CVSS 6.8 | AI score 8.7 | EPSS 0.01608
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2019/07/19 2:17 p.m. | 55 views

CVE-2019-13984

Directus 7 API before 2.3.0 fails to validate uploaded files; regardless of extension or MIME type there is a direct link to each uploaded file, accessible by unauthenticated users. Root cause: missing file validation in the upload flow, enabling access to uploaded content (as demonstrated by the...

CVSS 8.8 | AI score 8.7 | EPSS 0.01608
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2019/07/08 2:37 p.m. | 14 views

Directory Traversal

The Dataset API in DKPro Core is vulnerable to directory traversal. Lack of validation of file names in core/api/datasets/internal/actions/Explode.java allows an attacker to overwrite arbitrary local files via a malicious archive...

CVSS 7.5 | AI score 7.2 | EPSS 0.01877
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/06/14 8:29 p.m. | 14 views

CVE-2019-9842

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in appcode/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension...

CVSS 7.2 | AI score 7.3 | EPSS 0.02203
Exploits: 1 | References: 2

Prion
added 2019/06/14 8:29 p.m. | 9 views

Design/Logic Flaw

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in appcode/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension...

CVSS 6.5 | AI score 7.3 | EPSS 0.02203
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/14 7:14 p.m. | 24 views

CVE-2019-9842

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in appcode/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension...

AI score 7.4 | EPSS 0.02203
Exploits: 1 | References: 2

CVE
added 2019/06/07 2:40 p.m. | 56 views

CVE-2019-4069

IBM Intelligent Operations Center (IOC) 5.1.0–5.2.0 is affected by CVE-2019-4069, a file-type validation flaw that allows uploading malicious content. Also affects IOC for Emergency Management 5.1.0–5.1.0.6 and Water Operations for Waternamics 5.1.0–5.2.1.1. Root cause: improper file-type validat...

CVSS 8.8 | AI score 8.3 | EPSS 0.0143
Exploits: 0 | References: 2 | Affected Software: 3

Cvelist
added 2019/06/07 2:40 p.m. | 14 views

CVE-2019-4069

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not properly validate file types, allowing an attacker to upload malicious content. IBM X-Force ID: 157014...

CVSS 8 | AI score 8.3 | EPSS 0.0143
Exploits: 0 | References: 2

Prion
added 2019/06/05 5:29 p.m. | 15 views

Input validation

A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability ...

CVSS 9 | AI score 7.3 | EPSS 0.04377
Exploits: 0 | References: 2 | Affected Software: 1