Lucene search

2144 matches found

Prion
added 2019/12/18 6:15 p.m., 19 views

Design/Logic Flaw

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...

CVSS: 2.1 | AI score: 4.6 | EPSS: 0.0031
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2019/12/18 5:33 p.m., 53 views

CVE-2019-7289

The CVE-2019-7289 issue affects Apple Shortcuts for iOS: a parsing flaw in how directory paths are handled could allow a local user to view sensitive information. The root cause is improper path validation. Remediation is available in Shortcuts 2.1.3 for iOS, which addresses the vulnerability by ...

CVSS: 5.5 | AI score: 6 | EPSS: 0.0031
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/12/18 5:33 p.m., 31 views

CVE-2019-7289

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...

AI score: 4.6 | EPSS: 0.0031
Exploits: 0 | References: 1

CNVD
added 2019/12/17 12:0 a.m., 1 views

D-Link DIR-615 Elevation of Privilege Vulnerability

The D-Link DIR-615 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR-615 suffers from an elevation of privilege vulnerability that stems from the program's failure to perform complete validation of file paths and error detection. An attacker can exploit the elevation of...

AI score: 7.3
Exploits: 0 | References: 1

OSV
added 2019/12/10 10:15 p.m., 3 views

CVE-2019-1477

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.01004
Exploits: 0 | References: 1

CNVD
added 2019/11/01 12:0 a.m., 1 views

Advantech WISE-PaaS/RMM Path Traversal Vulnerability

Advantech WISE-PaaS/RMM is an IoT device remote monitoring and management platform. A path traversal vulnerability exists in Advantech WISE-PaaS/RMM 3.3.29 and earlier versions. The vulnerability stems from failure to properly validate a user-supplied path before using it for file operations. An...

CVSS: 10 | AI score: 7.4 | EPSS: 0.04907
Exploits: 0 | References: 1

BDU FSTEC
added 2019/10/29 12:0 a.m., 4 views

The numerous vulnerabilities in the API interface of the WADashboard component of the Advantech WebAccess software allow a perpetrator to write or overwrite any files in the file system.

The multiple vulnerabilities of the API interface of the WADashboard component in the Advantech WebAccess remote monitoring software are related to deficiencies in path validation before its use in file operations. Exploiting these vulnerabilities could allow a malicious actor to read arbitrary...

CVSS: 6.8 | AI score: 5.7 | EPSS: 0.32367
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2019/10/17 1:15 p.m., 2 views

UBUNTU-CVE-2019-17670

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0451
Exploits: 0 | References: 7

Tenable Nessus
added 2019/08/30 12:0 a.m., 51 views

CentOS 7 : keepalived (CESA-2019:2285)

An update for keepalived is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS: 4.7 | AI score: 5.7 | EPSS: 0.00501
Exploits: 1 | References: 2

NVD
added 2019/07/22 5:15 p.m., 10 views

CVE-2019-12326

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution...

CVSS: 10 | AI score: 7.9 | EPSS: 0.02985
Exploits: 1 | References: 1

Prion
added 2019/07/22 5:15 p.m., 14 views

Input validation

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution...

CVSS: 10 | AI score: 9.6 | EPSS: 0.02985
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/07/22 4:5 p.m., 16 views

CVE-2019-12326

Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution...

CVSS: 7.2 | AI score: 9.7 | EPSS: 0.02985
Exploits: 1 | References: 1

Prion
added 2019/07/04 8:15 p.m., 13 views

Input validation

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS: 9 | AI score: 7.2 | EPSS: 0.02818
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/07/04 7:55 p.m., 21 views

CVE-2019-1889 Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.02818
Exploits: 0 | References: 1

Positive Technologies
added 2019/06/27 12:0 a.m., 8 views

PT-2019-3566 · Advantech · Webaccess

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess versions 8.3.5 and prior

Description: The issue is caused by a lack of proper validation of a user-supplied path prior to use in file operations, allowing an attacker to delete files while posing as an administrator. This...

CVSS: 9.1 | AI score: 9 | EPSS: 0.03106
Exploits: 0 | References: 6

OSV
added 2019/06/03 7:29 p.m., 2 views

CVE-2019-6754

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 7.8 | AI score: 7.5
Exploits: 0 | References: 2

BDU FSTEC
added 2019/05/31 12:0 a.m., 4 views

The vulnerability of the synchronization identifier application in the Cisco Directory Connector lies in errors in the path validation mechanism, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of the application for synchronizing identifiers in the Cisco Directory Connector is related to errors in the mechanism for checking the path of dynamically attached libraries. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...

CVSS: 5.1 | AI score: 6 | EPSS: 0.00383
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2019/04/23 8:10 a.m., 37 views

Arbitrary File Write

mercurial is vulnerable to arbitrary file write attacks. The vulnerability is possible by using symlinks and subrepositories to bypass the validation of path checking, allowing the writing of files outside of the repository...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.01413
Exploits: 0 | References: 8 | Affected Software: 2

Prion
added 2019/03/21 4:1 p.m., 17 views

Security feature bypass

Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This...

CVSS: 4 | AI score: 6.4 | EPSS: 0.04949
Exploits: 0 | References: 3 | Affected Software: 1

Zero Day Initiative
added 2019/01/19 12:0 a.m., 11 views

LAquis SCADA LGX Report TextFile Read Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVSS: 5 | AI score: 1.5 | EPSS: 0.02572
Exploits: 0 | References: 1