
81 matches found

SUSE CVE
added 2023/02/15 5:27 a.m. · 4 views

SUSE CVE-2014-5120

gdctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5)...

CVSS 6.4 · AI score 7.3 · EPSS 0.16934
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 4:49 a.m. · 3 views

SUSE CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...

CVSS 7.5 · AI score 7 · EPSS 0.12513
Exploits 5 · References 3

SUSE CVE
added 2023/02/15 3:59 a.m. · 2 views

SUSE CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

CVSS 7.5 · AI score 8.2 · EPSS 0.02267
Exploits 0 · References 4

OSV
added 2022/11/08 10:15 p.m. · 1 views

CVE-2022-34824

Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attack...

CVSS 9.8 · AI score 6 · EPSS 0.01085
Exploits 0 · References 1

Microsoft CVE
added 2022/08/10 7:0 a.m. · 3 views

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example overwrite the .ssh/authorized_keys file).

...

CVSS 7.4 · AI score 7.7 · EPSS 0.0165
Exploits 1

OSV
added 2022/08/02 3:15 p.m. · 5 views

AZL-10461 CVE-2022-29154 affecting package rsync for versions less than 3.2.5-1

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

CVSS 7.4 · AI score 7.3 · EPSS 0.0165
Exploits 1 · References 1

ATTACKERKB
added 2022/07/06 4:0 p.m. · 3 views

CVE-2022-20813

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...

CVSS 9 · AI score 6.5 · EPSS 0.01028
Exploits 0 · References 2

CNNVD
added 2022/02/23 12:0 a.m. · 6 views

Octobercms data forgery vulnerability

Octobercms is a PHP-based CMS website builder from Octobercms, Inc. A data forgery vulnerability exists in Octobercms that stems from an input validation error when handling directory traversal sequences in filenames in zip archives. A remote user can upload a specially crafted zip archive...

CVSS 5.3 · AI score 5.8 · EPSS 0.00634
Exploits 0 · References 5

Prion
added 2021/08/12 10:15 p.m. · 11 views

Directory traversal

A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter...

CVSS 5.5 · AI score 6.7 · EPSS 0.0132
Exploits 1 · References 1 · Affected Software 1

OSV
added 2021/03/19 7:15 p.m. · 6 views

CVE-2021-26990

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files...

CVSS 9.1 · AI score 5.9 · EPSS 0.01542
Exploits 0 · References 1

Positive Technologies
added 2020/11/17 12:0 a.m. · 5 views

PT-2020-6223 · Pear +6 · Archive Tar +6

Name of the Vulnerable Software and Affected Versions: Archive Tar versions 1.4.10 and earlier
Description: The issue is related to the deserialization of untrusted data in the Archive Tar class of the PEAR PHP library. It allows a remote attacker to overwrite protected files using a specially...

CVSS 8.8 · AI score 7.8 · EPSS 0.84554
Exploits 5 · References 104

OSV
added 2020/08/18 5:15 p.m. · 4 views

CVE-2020-14936

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmp_oid_decode_oid may overwrite memory areas beyond the provided...

CVSS 9.8 · AI score 5.6 · EPSS 0.01422
Exploits 0 · References 2

Microsoft CVE
added 2020/08/18 7:0 a.m. · 3 views

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

...

CVSS 5.8 · AI score 6.1 · EPSS 0.03277
Exploits 0

OSV
added 2020/07/28 3:15 p.m. · 6 views

CVE-2020-13915

Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n,...

CVSS 7.5 · AI score 7.2 · EPSS 0.01897
Exploits 0 · References 1

BDU FSTEC
added 2020/07/09 12:0 a.m. · 7 views

A vulnerability in the PuTTY encryption protection mechanism, related to key management errors, allows an attacker to overwrite files on the system.

The vulnerability in the PuTTY encryption protection tool is related to key management errors. Exploiting it could allow a malicious actor to overwrite files on the system remotely...

CVSS 7.8 · AI score 7.4 · EPSS 0.02447
Exploits 0 · References 6 · Affected Software 4

OSV
added 2020/06/01 4:15 p.m. · 2 views

DEBIAN-CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

CVSS 7.5 · AI score 7.9 · EPSS 0.02267
Exploits 0 · References 1

Snyk
added 2020/06/01 4:15 p.m. · 1 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation. DISPUTED: The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite...

CVSS 7.5 · AI score 7.1 · EPSS 0.02267
Exploits 0 · References 2

OSV
added 2020/06/01 4:15 p.m. · 2 views

UBUNTU-CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

CVSS 7.5 · AI score 7.3 · EPSS 0.02267
Exploits 0 · References 4

BDU FSTEC
added 2020/04/29 12:0 a.m. · 9 views

A vulnerability in the fstream.DirWriter() function in the fstream package arises from insufficient input validation. This allows attackers to overwrite files on the system.

The vulnerability in the fstream.DirWriter function in the fstream package exists due to insufficient validation of input data. Exploiting it could allow a malicious actor to remotely overwrite files on the system...

CVSS 7.8 · AI score 7.2 · EPSS 0.02416
Exploits 0 · References 8 · Affected Software 6

BDU FSTEC
added 2019/12/17 12:0 a.m. · 5 views

A vulnerability in the command-line tools for the package managers NPM and Yarn allows an attacker to overwrite any files in the target directory.

The vulnerability in the command-line tools for the package managers NPM and Yarn exists due to an improper limitation of a path to a restricted directory. Exploiting it allows a malicious actor to overwrite any files in the target directory remotely...

CVSS 7.7 · AI score 6.9 · EPSS 0.01984
Exploits 0 · References 6 · Affected Software 5