Directory traversal

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php...

Directory traversal

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php...

Directory traversal

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php...

Directory traversal

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php...

Directory traversal

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php...

CVE-2020-9029

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php...

CVE-2020-9031

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php...

CVE-2020-9031

Symmetricom SyncServer devices (S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, S350 2.80.1) are affected by a directory traversal vulnerability in the FileName parameter of daemonlog.php. The underlying root cause is not explicitly detailed in the provided documents, but the vulnerability all...

CVE-2020-9032

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php...

CVE-2020-9032

CVE-2020-9032 affects Symmetricom SyncServer S100/S200/S250/S300/S350 devices (versions listed in the CVE) and enables Directory Traversal via the FileName parameter to kernlog.php. Root cause: improper handling/filtering of file paths in kernlog.php leading to access outside the intended directo...

CVE-2020-9033

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php...

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

CVE-2018-10858

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client...

PT-2020-15313 · Jenkins · Jenkins Code Coverage Api Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Code Coverage API Plugin versions 1.1.2 and earlier Description: The issue is related to a stored XSS vulnerability. It occurs because the filename of the coverage report used in its view is not properly escaped, allowing users who ca...

PT-2020-6675

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.9.x before 2.9.3 Ansible Engine versions 2.8.x before 2.8.8 Ansible Engine versions 2.7.x before 2.7.16 and earlier Description The issue is related to the nxos file copy module in Ansible, which can be used to copy...

Ansible: malicious code could craft filename in nxos_file_copy module

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...

Ansible: malicious code could craft filename in nxos_file_copy module

A vulnerability in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...

Cross-Site Scripting (XSS)

privatebin/privatebin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the filename of an attachment...

Remote code execution

AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/rcmdstat.jsp to write to a specified filename...