CVE-2021-36991

There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access...

CVE-2021-36991

There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access...

Apple macOS 输入验证错误漏洞

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. macOS suffers from an input validation error vulnerability that stems from insufficient validation of user-supplied input when processing paths in smbx. A remote attacker on a local network could exploit this...

Cisco SD-WAN vManage Elevation of Privilege Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An elevation of privilege vulnerability exists in the System File Transfer feature of Cisco SD-WAN vManage. The vulnerability stems from improper validation of the path input to the System...

Cross-site Scripting (XSS)

Overview iobroker.web is a Web server on the base of Node.js and express to read the files from ioBroker DB. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Characters in the GET url path are not properly escaped and can be reflected in the server response. Details...

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

DEBIAN-CVE-2018-19790

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the failurepath input field of login forms, an attacker can work around the redirection target restrictio...

CVE-2018-15450

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input fiel...