970 matches found
CVE-2018-3727
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3729
The CVE-2018-3729 entry is supported by multiple connected documents describing a path traversal flaw in the localhost-now Node.js module. Affected software: localhost-now prior to version 1.0.2 (as documented in GHSA-2GJG-5X33-MMP2 and OSV; HackerOne report H1:312889 corroborates). Root cause: l...
CVE-2018-3716
CVE-2018-3716 affects the simplehttpserver Node.js module. The vulnerability is a stored XSS in directory listings caused by lack of validation/sanitization of file names fed into HTML output. Exploitation requires an attacker-controlled filename in the listing; the XSS payload is reflected in th...
source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go
A flaw was found in the source-to-image function as shipped with OpenShift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...
CVE-2018-2404
CVE-2018-2404 affects SAP Disclosure Management 10.1. The vulnerability arises because the product fails to validate file formats during upload, enabling an attacker to upload arbitrary files. Exploitation status is not provided in the connected documents. Impact details in the sources indicate p...
Design/Logic Flaw
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete an arbitrary system file due to lack of validation of the /login/bin/setparam to the file name with the value of 'system.delete.sdfile'...
CVE-2018-7217
In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...
Design/Logic Flaw
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16598
This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed...
CVE-2017-16595
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...
CVE-2017-16597
CVE-2017-16597 affects NetGain Systems Enterprise Manager 7.2.730 build 1034. The issue is in TFtpServer handling of WRQ requests, where parsing of the Filename field does not properly validate a user-supplied path before using it in file operations, enabling remote code execution. Exploitation i...
CVE-2013-4578
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
Design/Logic Flaw
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
Authentication flaw
VCM5010 with software versions earlier than V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with...
Filepath Modification
October CMS is vulnerable to filepath modifications. The library does not validate the path of a file when it is uploaded, allowing a malicious user to create malicious files and file directories on the server...
osTicket 1.10.1 Shell Upload Vulnerability
Exploit for PHP platform in category web applications. Reference: https://becomepentester.blogspot.ae/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html. Exploit Title: File Upload Restrictions Bypassed. Date: 18 October, 2017. Exploit Author: Rajwinder Singh. Vendor Homepage:...
CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. A...