2130 matches found

Positive Technologies
added 2019/06/27 12:0 a.m. · 7 views

PT-2019-3566 · Advantech · Webaccess

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess versions 8.3.5 and prior Description: The issue is caused by a lack of proper validation of a user-supplied path prior to use in file operations, allowing an attacker to delete files while posing as an administrator. This...

CVSS 9.1 · AI score 9 · EPSS 0.03106
Exploits: 0 · References: 6

OSV
added 2019/06/03 7:29 p.m. · 2 views

CVE-2019-6754

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 7.5
Exploits: 0 · References: 2

BDU FSTEC
added 2019/05/31 12:0 a.m. · 4 views

The vulnerability of the synchronization identifier application in the Cisco Directory Connector lies in errors in the path validation mechanism, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of the application for synchronizing identifiers in the Cisco Directory Connector is related to errors in the mechanism for checking the path of dynamically attached libraries. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...

CVSS 5.1 · AI score 6 · EPSS 0.00383
Exploits: 0 · References: 2 · Affected Software: 1

Veracode
added 2019/04/23 8:10 a.m. · 36 views

Arbitrary File Write

mercurial is vulnerable to arbitrary file write attacks. The vulnerability is possible by using symlinks and subrepositories to bypass the validation of path checking, allowing the writing of files outside of the repository...

CVSS 5.9 · AI score 6.2 · EPSS 0.01413
Exploits: 0 · References: 8 · Affected Software: 2

Prion
added 2019/03/21 4:1 p.m. · 16 views

Security feature bypass

Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This...

CVSS 4 · AI score 6.4 · EPSS 0.04949
Exploits: 0 · References: 3 · Affected Software: 1

Zero Day Initiative
added 2019/01/19 12:0 a.m. · 11 views

LAquis SCADA LGX Report TextFile Read Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVSS 5 · AI score 1.5 · EPSS 0.02572
Exploits: 0 · References: 1

Veracode
added 2019/01/15 9:21 a.m. · 16 views

Privilege Escalation

atomic openshift is vulnerable to privilege escalation attacks. The vulnerability exists as a flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

CVSS 8.8 · AI score 8.5 · EPSS 0.02398
Exploits: 0 · References: 15 · Affected Software: 19

RedHat Linux
added 2019/01/08 1:45 p.m. · 2 views

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

CVSS 8.8 · AI score 5.7 · EPSS 0.02398
Exploits: 0 · References: 5

Veracode
added 2018/12/03 5:42 a.m. · 12 views

Directory Traversal

AWSSDKCPP-Core is vulnerable to directory traversal. Lack of validation in the file path allows for remote attackers to inject ../ characters to create or retrieve arbitrary files and folders within the file system...

AI score 6.9
Exploits: 0

BDU FSTEC
added 2018/11/16 12:0 a.m. · 5 views

The vulnerability in the web interface of D-Link’s microprogrammed router software allows a hacker to gain access to and read arbitrary files.

The vulnerability of D-Link microprogrammed software router web interfaces lies in insufficient checking of the path to the directory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to and read arbitrary files using a specially crafted HTTP request...

CVSS 8.6 · AI score 7.9 · EPSS 0.40137
Exploits: 8 · References: 4 · Affected Software: 8

OSV
added 2018/09/24 11:29 p.m. · 3 views

CVE-2018-10501

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS 7 · AI score 6 · EPSS 0.00297
Exploits: 0 · References: 1

RedHat Linux
added 2018/09/04 2:3 p.m. · 99 views

Important: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 9.3 · AI score 7.2 · EPSS 0.05731
Exploits: 0 · References: 5

Zero Day Initiative
added 2018/08/31 12:0 a.m. · 29 views

Hewlett Packard Enterprise Intelligent Management Center imciccdm createFabricAutoCfgFile Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imciccdm component. The issue results fro...

CVSS 7.8 · AI score 2.6 · EPSS 0.02854
Exploits: 0 · References: 1

CNVD
added 2018/08/27 12:0 a.m. · 4 views

tecrail Responsive FileManager Arbitrary File Overwrite Vulnerability

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. An arbitrary file overwrite vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...

CVSS 5.8 · AI score 5.7 · EPSS 0.0641
Exploits: 5 · References: 1

CNVD
added 2018/08/24 12:0 a.m. · 2 views

Multiple Elevation of Privilege Vulnerabilities in Eclipse OpenJ9

Eclipse OpenJ9 is a Java application engine of the Eclipse Foundation, mainly used to run Java applications. Multiple elevation of privilege vulnerabilities exist in Eclipse OpenJ9 version 0.8 that stem from the program enforcing weak access control and failing to adequately and properly...

CVSS 7.8 · AI score 8.2 · EPSS 0.00494
Exploits: 0 · References: 1

OSV
added 2018/08/21 2:29 p.m. · 2 views

CVE-2018-14795

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 2

NVD
added 2018/08/21 2:29 p.m. · 21 views

CVE-2018-14795

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

CVSS 8.8 · AI score 7.9 · EPSS 0.02185
Exploits: 0 · References: 2

Prion
added 2018/08/21 2:29 p.m. · 16 views

Input validation

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

CVSS 6.5 · AI score 8.6 · EPSS 0.02185
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2018/08/21 2:0 p.m. · 24 views

CVE-2018-14795

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

AI score 7.8 · EPSS 0.02185
Exploits: 0 · References: 2

CVE
added 2018/08/21 2:0 p.m. · 61 views

CVE-2018-14795

DeltaV DCS Workstations (Emerson) are affected by CVE-2018-14795 due to improper path validation (Relative Path Traversal). Affected products are DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5. The vulnerability can allow an attacker to replace executable files. Public advisories/records ...

CVSS 8.8 · AI score 8.5 · EPSS 0.02185
Exploits: 0 · References: 2 · Affected Software: 1