CVE-2019-1861
A vulnerability in the software update feature of Cisco Industrial Network Director could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of files uploaded to the affected application. An attacker could exploit this vulnerability ...
Security Bulletin: IBM® Intelligent Operations Center does not correctly validate file types before uploading files (CVE-2019-4069)
Summary: IBM® Intelligent Operations Center does not validate the content of CSV files that are uploaded by authenticated users. The upload of unvalidated CSV files by authenticated users might be a starting point for further attacks if it is combined with file renaming or other inclusion...
CVE-2019-1771
CVE-2019-1771 affects Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows. The issue arises from improper validation of ARF/WRF files, enabling an attacker to execute arbitrary code when a user opens a malicious ARF/WRF file delivered via link or email attachment. ...
Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of...
CVE-2019-4071
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 157063...
CVE-2019-1592
A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...
CVE-2019-1592
CVE-2019-1592 affects Cisco Nexus 9000 Series NX-OS in ACI Mode Switch Software. The issue is caused by insufficient validation of user-supplied files, allowing an authenticated, local attacker to create a crafted file in a specific filesystem directory and execute arbitrary OS commands as root. ...
Directory Traversal
camel-core is vulnerable to directory traversal. The file producer does not validate file names before creating, allowing an attacker to write or overwrite files outside of the starting directory...
Remote Code Execution (RCE)
MadsKristensen.AspNetCore.Miniblog is vulnerable to remote code execution. A remote attacker is able to execute arbitrary ASPX code by uploading a malicious IMG element with a data: URL, which will be executed when the SaveFilesToDisk function in Controllers/BlogController.cs writes a decoded...
Design/Logic Flaw
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...
CVE-2019-9845
madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...
PT-2019-2946 · Cisco · Cisco Webex Network Recording Player +1
Name of the Vulnerable Software and Affected Versions: Cisco Webex Network Recording Player (affected versions not specified); Cisco Webex Player (affected versions not specified). Description: The issue is related to a buffer overflow in memory, allowing a remote attacker to execute...
Format string
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...
CVE-2019-1638 Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...
Code Injection
openjdk is vulnerable to code injection attacks. The vulnerability exists as jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
CVE-2018-20684
CVE-2018-20684 affects WinSCP prior to 5.14 beta where the SCP implementation lacks proper validation, allowing the server to send files that could overwrite unrelated ones via TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. Documents confirm the vulnerability in the WinSCP SCP path, with CVSS...
Cross-site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting (XSS). The vulnerability is possible due to incorrect file validation via the "site files" Add option while uploading an SVG file...
Adobe Acrobat Pro DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...