102 matches found
CVE-2022-27621
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors...
CVE-2022-27621
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors...
Jenkins Warnings Next Generation 路径遍历漏洞
Jenkins Warnings Next Generation is Jenkins an open source application plugin . The plugin is used to collect compiler warnings or static analysis tools to report problems and visualize the results . A security vulnerability exists in Jenkins Warnings Next Generation Plugin that allows an attacke...
Apache James 路径遍历漏洞
Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java by the Apache Foundation. Apache James in version 3.6.1 contains a path traversal vulnerability that stems from a failure of a networked system or product to properly filter special...
jenkins: Creating symbolic links is possible without the symlink permission
A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system...
CVE-2021-38477
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...
CVE-2020-4976
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469...
USN-4707-1 tcmu vulnerability
It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request...
uftpd Path Traversal Vulnerability
uftpd is a Linux-based FTP/TFTP file transfer server from the Swedish individual developer Joachim Nilsson. A path traversal vulnerability exists in uftpd FTP server versions 2.7 to 2.10, which stems from multiple unauthenticated directory traversal vulnerabilities in different FTP commands, due ...
Cisco SD-WAN vManage XML External Entity Injection Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An XML external entity injection vulnerability exists in the web UI of Cisco SD-WAN vManage 20.1.12 and earlier. The vulnerability stems from improper handling of XML External Entity XXE...
CA Unified Infrastructure Management Lack of Authentication Vulnerability
CA Unified Infrastructure Management is a powerful unified IT monitoring solution that helps organizations deliver reliable, flexible IT services. A lack of authentication vulnerability exists in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, which can be exploited by a remote attack...
CVE-2018-15573
An issue was discovered in Reprise License Manager RLM through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk as long as rlm.exe has access to it via /goform/editlfprocess with file content in the lfdata parameter and a pathname in the lf parameter. By...
Jenkins path traversal vulnerability
CloudBees Jenkins formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor continuous software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins a long-ter...
Linux kernel NFS server (nfsd) file read vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the U.S. The NFS server nfsd is one of the network file system servers. A security vulnerability exists in the NFS server nfsd in versions prior to Linux kernel commit 1995266727fa. A remote...
CVE-2017-16929
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...
Inteno Router Information Disclosure Vulnerability
Inteno routers is a wireless router from Inteno Broadband Technologies in Sweden. A security vulnerability exists in Inteno routers, which stems from the program's failure to properly configure JUCI ACLs, which can be exploited to read and write files and add a root SSH key by sending JSON comman...
CVE-2017-6650
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An...
CVE-2016-0917
The SMB service in EMC VNXe VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638, VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra all supported versions does not prevent duplicate NTLM challenge-response...
The vulnerability of the microprogramming software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems allows a perpetrator to read and write files or execute JASIC code.
The vulnerability of the debugging interface of Microprogramming Software for Control System Chains of Janitza UMG models 508, 509, 511, 604, and 605 is related to the absence of an authentication procedure. Exploiting this vulnerability allows a malicious actor to read and write files, or execut...
QNAP Systems QNAP QTS Directory Traversal Vulnerability
QNAP Systems QNAP QTS is a Turbo NAS operating system from QNAP Systems. A directory traversal vulnerability exists in QNAP Systems QNAP QTS. When AFP is enabled in the program, a remote attacker can read or write arbitrary files by submitting a special directory traversal request while accessing...