102 matches found

OSV
added 2022/08/03 6:15 a.m. | 4 views

CVE-2022-27621

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors...

CVSS 3.8 | AI score 5.9 | EPSS 0.00631
Exploits: 0 | References: 1

ATTACKERKB
added 2022/08/02 4:26 p.m. | 2 views

CVE-2022-27621

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors...

CVSS 5.5 | AI score 6 | EPSS 0.00631
Exploits: 0 | References: 2

CNNVD
added 2022/01/12 12:0 a.m. | 6 views

Jenkins Warnings Next Generation Path Traversal Vulnerability

Jenkins Warnings Next Generation is an open source application plugin for Jenkins. The plugin is used to collect compiler warnings or static analysis tools to report problems and visualize the results. A security vulnerability exists in Jenkins Warnings Next Generation Plugin that allows an attacke...

CVSS 8.1 | AI score 7.7 | EPSS 0.01939
Exploits: 0 | References: 6

CNNVD
added 2022/01/04 12:0 a.m. | 5 views

Apache James Path Traversal Vulnerability

Apache James is an open source SMTP and POP3 mail transfer agent and NNTP news server written entirely in Java by the Apache Foundation. Apache James in version 3.6.1 contains a path traversal vulnerability that stems from a failure of a networked system or product to properly filter special...

CVSS 9.1 | AI score 5.7 | EPSS 0.03706
Exploits: 0 | References: 4

RedHat Linux
added 2021/11/29 10:40 a.m. | 3 views

jenkins: Creating symbolic links is possible without the symlink permission

A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system...

CVSS 9.8 | AI score 5.8 | EPSS 0.02034
Exploits: 0 | References: 5

OSV
added 2021/10/22 12:15 p.m. | 6 views

CVE-2021-38477

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...

CVSS 9.8 | AI score 7.3 | EPSS 0.01083
Exploits: 0 | References: 1

ATTACKERKB
added 2021/03/10 12:0 a.m. | 2 views

CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469...

CVSS 5.1 | AI score 6.2 | EPSS 0.00339
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/01/28 1:41 p.m. | 3 views

USN-4707-1 tcmu vulnerability

It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request...

CVSS 8.1 | AI score 7.3 | EPSS 0.02649
Exploits: 0 | References: 2

CNNVD
added 2020/12/18 12:0 a.m. | 6 views

uftpd Path Traversal Vulnerability

uftpd is a Linux-based FTP/TFTP file transfer server from the Swedish individual developer Joachim Nilsson. A path traversal vulnerability exists in uftpd FTP server versions 2.7 to 2.10, which stems from multiple unauthenticated directory traversal vulnerabilities in different FTP commands, due ...

CVSS 9.8 | AI score 7.7 | EPSS 0.25249
Exploits: 4 | References: 7

CNVD
added 2020/11/05 12:0 a.m. | 2 views

Cisco SD-WAN vManage XML External Entity Injection Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An XML external entity injection vulnerability exists in the web UI of Cisco SD-WAN vManage 20.1.12 and earlier. The vulnerability stems from improper handling of XML External Entity XXE...

CVSS 8.1 | AI score 7.3 | EPSS 0.00734
Exploits: 0 | References: 1

CNVD
added 2018/08/31 12:0 a.m. | 2 views

CA Unified Infrastructure Management Lack of Authentication Vulnerability

CA Unified Infrastructure Management is a powerful unified IT monitoring solution that helps organizations deliver reliable, flexible IT services. A lack of authentication vulnerability exists in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, which can be exploited by a remote attack...

CVSS 9.8 | AI score 9.6 | EPSS 0.02681
Exploits: 0 | References: 1

OSV
added 2018/08/20 2:29 a.m. | 4 views

CVE-2018-15573

An issue was discovered in Reprise License Manager RLM through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk as long as rlm.exe has access to it via /goform/editlfprocess with file content in the lfdata parameter and a pathname in the lf parameter. By...

CVSS 8.8 | AI score 5.8 | EPSS 0.02146
Exploits: 3 | References: 2

CNVD
added 2018/06/06 12:0 a.m. | 3 views

Jenkins path traversal vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor continuous software releases/testing projects and a number of timed tasks. LTS Long-Term Support is a long-supported version of CloudBees Jenkins a long-ter...

CVSS 8.1 | AI score 7.8 | EPSS 0.02612
Exploits: 0 | References: 1

CNVD
added 2018/02/26 12:0 a.m. | 5 views

Linux kernel NFS server (nfsd) file read vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the U.S. The NFS server nfsd is one of the network file system servers. A security vulnerability exists in the NFS server nfsd in versions prior to Linux kernel commit 1995266727fa. A remote...

CVSS 7.4 | AI score 7.8 | EPSS 0.01411
Exploits: 0 | References: 1

OSV
added 2017/12/05 9:29 a.m. | 5 views

CVE-2017-16929

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...

CVSS 8.1 | AI score 5.9 | EPSS 0.12889
Exploits: 4 | References: 3

CNVD
added 2017/07/26 12:0 a.m. | 1 views

Inteno Router Information Disclosure Vulnerability

Inteno routers are wireless routers from Inteno Broadband Technologies in Sweden. A security vulnerability exists in Inteno routers, which stems from the program's failure to properly configure JUCI ACLs, which can be exploited to read and write files and add a root SSH key by sending JSON comman...

CVSS 9 | AI score 8.9 | EPSS 0.01197
Exploits: 1 | References: 1

OSV
added 2017/05/22 1:29 a.m. | 3 views

CVE-2017-6650

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 3

Cvelist
added 2016/09/21 1:0 a.m. | 34 views

CVE-2016-0917

The SMB service in EMC VNXe VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638, VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra all supported versions does not prevent duplicate NTLM challenge-response...

AI score 9.8 | EPSS 0.04181
Exploits: 0 | References: 4

BDU FSTEC
added 2015/11/20 12:0 a.m. | 6 views

The vulnerability of the microprogramming software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems allows a perpetrator to read and write files or execute JASIC code.

The vulnerability of the debugging interface of Microprogramming Software for Control System Chains of Janitza UMG models 508, 509, 511, 604, and 605 is related to the absence of an authentication procedure. Exploiting this vulnerability allows a malicious actor to read and write files, or execut...

CVSS 7.5 | AI score 5.7 | EPSS 0.01623
Exploits: 0 | References: 2

CNVD
added 2015/10/18 12:0 a.m. | 3 views

QNAP Systems QNAP QTS Directory Traversal Vulnerability

QNAP Systems QNAP QTS is a Turbo NAS operating system from QNAP Systems. A directory traversal vulnerability exists in QNAP Systems QNAP QTS. When AFP is enabled in the program, a remote attacker can read or write arbitrary files by submitting a special directory traversal request while accessing...

CVSS 9.3 | AI score 7.1 | EPSS 0.04077
Exploits: 0 | References: 1