CVE-2020-15543

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path...

Microsoft Windows Shell Remote Code Execution Vulnerability (CNVD-2021-27712)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Windows Shell is a user-interactive interface based on the Windows platform that...

CVE-2020-1286

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'...

Druva inSync Windows Client 6.6.3 CVE-2020-5752 - Local Privilege Escalation

Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability. Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage:...

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....

CVE-2020-1081

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

Directory Traversal

jooby is vulnerable to directory traversal. Lack of path validation allows an attacker to inject ../ characters and access files outside of the web root directory...

dotCMS CMSFilter Authentication Bypass (CVE-2020-6754)

An access control weakness exists in the dotCMS content management system. The vulnerability is due to insufficient path validation in the CMSFilter class...

The vulnerability of the Vijeo Designer Basic and Vijeo Designer software lies in errors during the validation of the paths for loading dynamic libraries. This allows a hacker to execute arbitrary code.

The vulnerability of the Vijeo Designer Basic and Vijeo Designer software lies in errors during the validation of the paths for loading dynamic libraries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the “go get” command in the Go programming language is related to insufficient validation of input data insufficient checking of the import path when using the “-u” flag. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially create...

NewStart CGSL CORE 5.04 / MAIN 5.04 : git Vulnerability (NS-SA-2020-0014)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has git packages installed that are affected by a vulnerability: - A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in...

CVE-2019-19606

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...

Input validation

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...

CVE-2019-19606

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...

CVE-2019-19606

X-Plane prior to 11.41 contains an OS command injection due to multiple improper path validations. A crafted network packet could cause reading/writing files to arbitrary paths and potentially leak credentials, enabling execution of arbitrary commands. Affected: X-Plane 11.x

Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal

Exploit Title: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Date: 2020-03-26 Exploit Author: hongphukt Vendor Homepage: https://www.jinfonet.com/ Software Link: https://www.jinfonet.com/product/download-jreport/ Version: JReport 15.6 Tested on: Linux, Windows Jreport Help function...

DEBIAN-CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

Phar object injection in PHPMailer

PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by...

Selesta Visual Access Manager Buffer Overflow Vulnerability

Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A security vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29, which results from the program failing to check for parameters, destination paths, or extensions used to specify the name of t...

Atlassian Confluence Server Information Disclosure (CVE-2019-3394)

A local file inclusion vulnerability exists in Atlassian Confluence Server. This vulnerability is due to improper validation of file path. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to...