2144 matches found
Design/Logic Flaw
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...
CVE-2019-7289
The CVE-2019-7289 issue affects Apple Shortcuts for iOS: a parsing flaw in how directory paths are handled could allow a local user to view sensitive information. The root cause is improper path validation. Remediation is available in Shortcuts 2.1.3 for iOS, which addresses the vulnerability by ...
CVE-2019-7289
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...
D-Link DIR-615 Elevation of Privilege Vulnerability
The D-Link DIR-615 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR-615 suffers from an elevation of privilege vulnerability that stems from the program's failure to perform complete validation of file paths and error detection. An attacker can exploit the elevation of...
CVE-2019-1477
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...
Advantech WISE-PaaS/RMM Path Traversal Vulnerability
Advantech WISE-PaaS/RMM is an IoT device remote monitoring and management platform. A path traversal vulnerability exists in Advantech WISE-PaaS/RMM 3.3.29 and earlier versions. The vulnerability stems from failure to properly validate a user-supplied path before using it for file operations. An...
Multiple vulnerabilities in the API of the WADashboard component of the Advantech WebAccess software allow an attacker to write or overwrite any files in the file system.
The multiple vulnerabilities in the API of the WADashboard component of the Advantech WebAccess remote monitoring software are related to deficiencies in validating a path before it is used in file operations. Exploiting these vulnerabilities could allow a malicious actor to read arbitrary...
UBUNTU-CVE-2019-17670
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs...
CentOS 7 : keepalived (CESA-2019:2285)
An update for keepalived is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2019-12326
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution...
Input validation
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution...
Input validation
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...
CVE-2019-1889 Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...
PT-2019-3566 · Advantech · Webaccess
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess versions 8.3.5 and prior. Description: The issue is caused by a lack of proper validation of a user-supplied path prior to use in file operations, allowing an attacker to delete files while posing as an administrator. This...
CVE-2019-6754
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
A vulnerability in the identifier synchronization application of the Cisco Directory Connector stems from errors in the path validation mechanism, allowing an attacker to gain unauthorized access to protected information.
The vulnerability in the identifier synchronization application of the Cisco Directory Connector is related to errors in the mechanism for checking the path of dynamically loaded libraries. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...
Arbitrary File Write
Mercurial is vulnerable to arbitrary file write attacks. Symlinks and subrepositories can be used to bypass path-check validation, allowing files to be written outside of the repository...
Security feature bypass
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This...
LAquis SCADA LGX Report TextFile Read Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...