
2192 matches found

Veracode
added 2020/06/03 3:57 a.m., 29 views

Directory Traversal

spring-cloud-config-server is vulnerable to directory traversal. The vulnerability exists as it does not verify that the resources are served from allowed locations. An attacker is able to retrieve and read arbitrary system files using file:// or ../ characters...

7.5 CVSS, 4.8 AI score, 0.95586 EPSS
Exploits 3, References 3, Affected Software 1

OSV
added 2020/06/01 7:15 p.m., 8 views

CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

6.5 CVSS, 6.6 AI score, 0.01328 EPSS
Exploits 0, References 1

Prion
added 2020/06/01 7:15 p.m., 17 views

Input validation

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

8.5 CVSS, 6.5 AI score, 0.01328 EPSS
Exploits 0, References 1, Affected Software 3

CVE
added 2020/06/01 6:37 p.m., 84 views

CVE-2019-15709

CVE-2019-15709 concerns Fortinet FortiAP-S/W2 (versions 6.2.0–6.2.2, 6.0.5 and below) and FortiAP-U (6.0.1 and below). The issue is an improper input validation in the FortiAP CLI admin console that may allow unauthorized administrators to overwrite system files using specially crafted tcpdump co...

8.5 CVSS, 6.5 AI score, 0.01328 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2020/06/01 6:37 p.m., 10 views

CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

7 AI score, 0.01328 EPSS
Exploits 0, References 1

CNVD
added 2020/06/01 12:0 a.m., 1 views

Arbitrary file deletion vulnerability in beescms

BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. An arbitrary file deletion vulnerability exists in beescms, which can be exploited by an attacker to delete system files...

7.1 AI score
Exploits 0

CNVD
added 2020/05/26 12:0 a.m., 2 views

Fortinet FortiAP-S, FortiAP-W2 and FortiAP-U Input Validation Error Vulnerability

Fortinet FortiAP-S and others are a controller for managing wireless access point devices from Fortinet. An input validation error vulnerability exists in the FortiAP CLI management console in FortiAP-S, FortiAP-W2, and FortiAP-U. An attacker could exploit this vulnerability to overwrite system...

8.5 CVSS, 7 AI score, 0.01328 EPSS
Exploits 0, References 1

Fortinet
added 2020/05/25 12:0 a.m., 29 views

FortiAP system files overwrite via the tcpdump CLI command

...

8.5 CVSS, 6.4 AI score, 0.01328 EPSS
Exploits 0, Affected Software 3

Tenable Nessus
added 2020/05/22 12:0 a.m., 23 views

Palo Alto Networks PAN-OS 7.1.x < 8.1.13 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 8.1.13 or 8.0.x prior to 8.1.13 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability. - A predictable temporary file vulnerability in PAN-OS allows a local authenticate...

4.9 CVSS, 5.4 AI score, 0.00236 EPSS
Exploits 0, References 3

CVE
added 2020/05/18 7:39 p.m., 98 views

CVE-2020-13149

Dragon Center (MSI) on MSI Gaming laptops is affected by CVE-2020-13149 due to weak ACLs on the %PROGRAMDATA%\MSI\Dragon Center folder in versions before 2.6.2003.2401. A local authenticated attacker can overwrite system files and escalate privileges, with attack approaches including replacing th...

7.8 CVSS, 7.5 AI score, 0.00449 EPSS
Exploits 1, References 1, Affected Software 1

CNVD
added 2020/05/14 12:0 a.m., 1 views

Arbitrary File Download Vulnerability in AVCON6 System Management Platform of Huaping Information Technology Co.

Huaping Information Technology Co., Ltd. is a provider of video products and applications, mastering video processing, video and audio coding and decoding, and network adaptability. The AVCON6 system management platform of Huaping Information Technology Co., Ltd. suffers from an arbitrary file...

7 AI score
Exploits 0

NVD
added 2020/05/13 7:15 p.m., 19 views

CVE-2020-1994

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

4.9 CVSS, 4.5 AI score, 0.00236 EPSS
Exploits 0, References 1

OSV
added 2020/05/13 7:15 p.m., 6 views

CVE-2020-1994

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

4.4 CVSS, 5.9 AI score, 0.00236 EPSS
Exploits 0, References 1

Prion
added 2020/05/13 7:15 p.m., 15 views

Command injection

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affect...

9 CVSS, 7.4 AI score, 0.02755 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2020/05/13 7:7 p.m., 82 views

CVE-2020-2003

The CVE-2020-2003 issue affects PAN-OS when an authenticated administrator can exploit an external control of filename vulnerability in the command processing to delete arbitrary system files, compromising integrity and causing DoS of PAN-OS services. Affected are PAN-OS 7.1.x and 8.0.x; 8.1.x be...

8.5 CVSS, 6.6 AI score, 0.00938 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2020/05/13 7:7 p.m., 77 views

CVE-2020-1994

The connected advisories confirm CVE-2020-1994 in PAN-OS: a predictable temporary file vulnerability exploitable by a local authenticated user with shell access, allowing corruption of arbitrary system files and compromising integrity. Affected: PAN-OS 7.1 and 8.0; PAN-OS 8.1 prior to 8.1.13; PAN...

4.9 CVSS, 4.5 AI score, 0.00236 EPSS
Exploits 0, References 1, Affected Software 1

Palo Alto Networks
added 2020/05/13 4:0 p.m., 56 views

PAN-OS: Predictable temporary file vulnerability

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...

4.4 CVSS, 3.7 AI score, 0.00236 EPSS
Exploits 0, References 1

Tenable Nessus
added 2020/05/12 12:0 a.m., 28 views

Cisco NX-OS Software Sensitive File Read Information Disclosure Vulnerability (cisco-sa-20190515-nxos-fxos-info)

According to its self-reported version, Cisco Nexus Operating System NX-OS is affected by following vulnerability - A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive...

5.5 CVSS, 5.9 AI score, 0.00309 EPSS
Exploits 0, References 8

NVD
added 2020/05/07 5:15 p.m., 9 views

CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

9.1 CVSS, 9.1 AI score, 0.02091 EPSS
Exploits 0, References 4

OSV
added 2020/05/07 5:15 p.m., 4 views

CVE-2020-11431

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...

9.1 CVSS, 5.9 AI score, 0.02091 EPSS
Exploits 0, References 4