106 matches found

Prion
added 2021/09/15 7:15 p.m., 20 views

Authorization

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files including script files without the proper file format validation...

CVSS 6.5, AI score 8.6, EPSS 0.00303
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2021/05/03 1:24 p.m., 22 views

Privilege Escalation

github.com/pritunl/pritunl-client-electron is vulnerable to privilege escalation. An attacker may exploit the vulnerability by leveraging on the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM...

CVSS 7.8, AI score 3.3, EPSS 0.00044
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2021/04/30 2:15 p.m., 16 views

Privilege escalation

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and...

CVSS 7.2, AI score 7.8, EPSS 0.00044
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2021/04/30 1:16 p.m., 12 views

CVE-2020-27519

Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and...

AI score 7.9, EPSS 0.00044
Exploits: 0, References: 3
CNNVD
added 2021/04/05 12:00 a.m., 6 views

WordPress Code Issue Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Backup and Migrate Plugin Backup Guard...

CVSS 7.2, AI score 7.8, EPSS 0.92823
Exploits: 9, References: 6
Prion
added 2020/12/09 5:15 p.m., 22 views

Unrestricted file upload

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file including script files without proper file format validation, leading to Unrestricted File Upload...

CVSS 4, AI score 6.5, EPSS 0.00448
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2020/09/09 9:15 p.m., 1 view

CVE-2020-15903

An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3...

CVSS 9.8, AI score 7.3
Exploits: 0, References: 1
OSV
added 2020/09/09 1:15 p.m., 3 views

CVE-2020-6288

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...

CVSS 5.3, AI score 6.1, EPSS 0.00218
Exploits: 0, References: 2
Prion
added 2020/09/09 1:15 p.m., 18 views

Design/Logic Flaw

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...

CVSS 5, AI score 5.2, EPSS 0.00218
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2020/04/16 12:00 a.m., 1 view

File Inclusion Vulnerability in WeLive Online Customer Service System

WeLive online customer service system is a small program, an easy to install and use online customer service system. WeLive Online Customer Service System has a file inclusion vulnerability that can be exploited by an attacker to write arbitrary script files and gain system privileges...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2019/12/18 12:00 a.m., 32 views

EulerOS 2.0 SP3 : zsh (EulerOS-SA-2019-2684)

According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program...

CVSS 9.8, AI score 7.3, EPSS 0.0065
Exploits: 0, References: 3
CNVD
added 2019/10/28 12:00 a.m., 2 views

IBM Cloud Orchestrator Information Disclosure Vulnerability (CNVD-2019-39200)

IBM Cloud Orchestrator is a suite of cloud management solutions from IBM in the United States. The program provides extended internal and external deployment of cloud services and application program interfaces and tools to extend the integration with existing environments and other functions. An...

CVSS 4, AI score 5.8, EPSS 0.00085
Exploits: 0, References: 1
OSV
added 2019/10/25 5:15 p.m., 2 views

CVE-2019-4395

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333...

CVSS 3.3, AI score 5.8, EPSS 0.00085
Exploits: 0, References: 2
NVD
added 2019/10/25 5:15 p.m., 14 views

CVE-2019-4395

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333...

CVSS 4, AI score 3.5, EPSS 0.00085
Exploits: 0, References: 2
Cvelist
added 2019/10/25 4:30 p.m., 13 views

CVE-2019-4395

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. IBM X-Force ID: 162333...

CVSS 4, AI score 3.4, EPSS 0.00085
Exploits: 0, References: 2
IBM Security Bulletins
added 2019/10/23 7:00 p.m., 11 views

Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2019-4395)

Summary IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the ASoC vulnerability. Vulnerability Details CVEID: CVE-2019-4395 DESCRIPTION: IBM Cloud Orchestrator could allow a local user to obtain sensitive information from temporary script files. CVSS Base Score: 4 CVSS...

CVSS 4, AI score 0.8, EPSS 0.00085
Exploits: 0, Affected Software: 1
OSV
added 2019/07/10 8:15 p.m., 2 views

CVE-2019-0327

SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...

CVSS 7.2, AI score 7.1, EPSS 0.00704
Exploits: 0, References: 3
Prion
added 2019/02/15 6:29 p.m., 16 views

Input validation

SAP BusinessObjects, versions 4.2 and 4.3, Visual Difference allows an attacker to upload any file including script files without proper file format validation...

CVSS 7.5, AI score 9.4, EPSS 0.00685
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2018/09/05 8:29 a.m., 20 views

Design/Logic Flaw

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line...

CVSS 7.5, AI score 9.2, EPSS 0.0065
Exploits: 0, References: 6, Affected Software: 2
Prion
added 2018/06/07 9:29 p.m., 11 views

Input validation

A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges (level 15) to log in to the...

CVSS 7.2, AI score 6.6, EPSS 0.00056
Exploits: 0, References: 3, Affected Software: 1