60 matches found
CVE-2024-7262
Kingsoft WPS Office for Windows is affected by CVE-2024-7262 due to improper path validation in promecefpluginhost.exe. Versions 12.2.0.13110–12.2.0.16412 (exclusive) are exploitable via a weaponized, single-click embedded spreadsheet document that can load an arbitrary Windows library. Connected...
CVE-2024-7262
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...
LG Simple Editor Remote Code Execution Vulnerability (CNVD-2024-33686)
LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...
LG Simple Editor Remote Code Execution Vulnerability (CNVD-2024-33689)
LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...
Pulse Secure Client 安全漏洞
Pulse Secure Client is a suite of client software from Pulse Secure USA for end devices that access the Pulse Secure gateway. A security vulnerability exists in Pulse Secure Client that stems from failure to properly validate a user-supplied path before using it in a file operation, allowing a...
CVE-2024-30270
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
PT-2024-14223 · Allegra · Allegra
Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the existing authentication...
LG LED Assistant Path Traversal Vulnerability
LG LED Assistant is a software from Luckin LG Korea. It is used to set up LED lights. A security vulnerability exists in LG LED Assistant that originates from failure to properly validate a user-supplied path before using it in a file operation, allowing remote attackers to disclose information...
Keysight Technologies N6854A Geolocation server 代码问题漏洞
Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies, Inc. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which stems from improper path validation and allows an attacker to upload a specially crafted malicio...
Enterprise Distributed Technologies CompleteFTP Server 路径遍历漏洞
Enterprise Distributed Technologies CompleteFTP Server is a Windows-based SFTP SHH File Transfer Protocol server from Enterprise Distributed Technologies, Australia. A path traversal vulnerability exists in Enterprise Distributed Technologies CompleteFTP Server version v22.1.0, which arises from...
Input validation
X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...
CVE-2019-19606
X-Plane prior to 11.41 contains an OS command injection due to multiple improper path validations. A crafted network packet could cause reading/writing files to arbitrary paths and potentially leak credentials, enabling execution of arbitrary commands. Affected: X-Plane 11.x
Huawei EulerOS: Security Advisory for yum-utils (EulerOS-SA-2018-1319)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2018-14795
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...
Emerson Electric Deltav Path Traversal Vulnerability
Emerson Electric DeltaV is a digital automation system from Emerson Electric USA. The system offers I/O on-demand configuration, embedded intelligent control, and alarm panels. A path traversal vulnerability exists in Emerson Electric DeltaV, which stems from the program failing to properly...
RHEL 6 : yum-utils (RHSA-2018:2284)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2284 advisory. - yum-utils: reposync: improper path validation may lead to directory traversal CVE-2018-10897 Note that Nessus has not tested for this issue but has...
Important: Red Hat Security Advisory: yum-utils security update
An update for yum-utils is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...
NetGain Systems Enterprise Manager Information Disclosure Vulnerability (CNVD-2018-03264)
Netgain Enterprise Manager is a suite of IT asset monitoring and management software from NetGain Systems, Singapore. An information disclosure vulnerability in the org.apache.jsp.u.jsp.designer.script005fsamplesjsp servlet in NetGain Enterprise Manager version 7.2.730 build 1034 arises from a...