
1092 matches found

Cvelist
added 2020/08/24 7:10 p.m. | 22 views

CVE-2020-7376 Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module

The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host...

CVSS 7.1 | AI score 9.5 | EPSS 0.01123
Exploits: 1 | References: 1
UbuntuCve
added 2020/06/08 5:15 p.m. | 21 views

CVE-2020-13696

An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to...

CVSS 4.4 | AI score 5.9 | EPSS 0.00355
Exploits: 0 | References: 4
Cvelist
added 2020/06/08 4:32 p.m. | 34 views

CVE-2020-13696

An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to...

AI score 4.5 | EPSS 0.00355
Exploits: 0 | References: 11
NVD
added 2020/05/21 3:15 p.m. | 20 views

CVE-2020-5752

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...

CVSS 7.8 | AI score 8 | EPSS 0.08607
Exploits: 12 | References: 3
OSV
added 2020/05/21 3:15 p.m. | 3 views

CVE-2020-5752

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...

CVSS 7.8 | AI score 7.3 | EPSS 0.08607
Exploits: 12 | References: 3
NVD
added 2020/05/08 12:15 p.m. | 10 views

CVE-2020-12006

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control...

CVSS 9.8 | AI score 9.7 | EPSS 0.03692
Exploits: 0 | References: 4
NVD
added 2020/05/08 12:15 p.m. | 16 views

CVE-2020-12010

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control...

CVSS 7.1 | AI score 7.6 | EPSS 0.01009
Exploits: 0 | References: 1
NVD
added 2020/05/08 12:15 p.m. | 15 views

CVE-2020-12026

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control...

CVSS 8.8 | AI score 9.2 | EPSS 0.02312
Exploits: 0 | References: 2
Prion
added 2020/05/08 12:15 p.m. | 18 views

Path traversal

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control...

CVSS 5.8 | AI score 7 | EPSS 0.01009
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2020/04/02 11:15 p.m. | 10 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

CVSS 8.8 | AI score 8.9 | EPSS 0.03395
Exploits: 1 | References: 2
OSV
added 2020/04/02 11:15 p.m. | 16 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

CVSS 8.8 | AI score 7.8
Exploits: 0 | References: 2
Prion
added 2020/04/02 11:15 p.m. | 11 views

Design/Logic Flaw

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

CVSS 8.5 | AI score 8.9 | EPSS 0.03395
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/04/02 10:13 p.m. | 16 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

AI score 8.9 | EPSS 0.03395
Exploits: 1 | References: 2
CVE
added 2020/04/02 10:13 p.m. | 61 views

CVE-2020-11498

CVE-2020-11498 affects Slack Nebula up to version 1.1.0. A relative-path vulnerability in the tunnel drivers tun_darwin.go and tun_windows.go allows a low-privileged attacker to execute code in the context of the root user, with potential user-context execution as well. The issue enables path tra...

CVSS 8.8 | AI score 8.9 | EPSS 0.03395
Exploits: 1 | References: 2 | Affected Software: 1
ICS
added 2020/03/24 12:0 a.m. | 115 views

VISAM Automation Base (VBASE) (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow...

CVSS 9.8 | AI score 9.4 | EPSS 0.02515
Exploits: 0 | References: 5
Hacker One
added 2020/01/28 12:43 p.m. | 32 views

Slack: Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation

Overview The Nebula clients for Darwin and Windows call relative paths in "exec.Command" to "ifconfig" and "route" executables on Darwin, and to "netsh" on Windows. These commands are entered using relative paths, not absolute paths such as /sbin/ifconfig. When a binary is run with a relative pat...

AI score 0.9
Exploits: 0
OSV
added 2020/01/27 9:15 a.m. | 5 views

CVE-2018-12476

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise...

CVSS 7.5 | AI score 5.8 | EPSS 0.01026
Exploits: 0 | References: 1
Prion
added 2020/01/27 9:15 a.m. | 16 views

Path traversal

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise...

CVSS 6.4 | AI score 7.4 | EPSS 0.01026
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/01/27 8:30 a.m. | 28 views

CVE-2018-12476 obs-service-extract_file's outfilename parameter allows to write files outside of package directory

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise...

CVSS 4.3 | AI score 7.5 | EPSS 0.01026
Exploits: 0 | References: 1
CVE
added 2020/01/27 8:30 a.m. | 125 views

CVE-2018-12476

CVE-2018-12476 affects SUSE/OpenSUSE packages: obs-service-tar_scm in SLE-15/openSUSE Factory. The issue is a Relative Path Traversal via the outfilename parameter that could allow a remote attacker with repository control to overwrite files on the local user’s machine. Affected versions are OBS-...

CVSS 7.5 | AI score 5.6 | EPSS 0.01026
Exploits: 0 | References: 1 | Affected Software: 1