Directory Traversal
spring-cloud-config-server is vulnerable to directory traversal. The vulnerability exists as it does not verify that the resources are served from allowed locations. An attacker is able to retrieve and read arbitrary system files using file:// or ../ characters...
CVE-2019-15709
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...
Input validation
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...
CVE-2019-15709
CVE-2019-15709 concerns Fortinet FortiAP-S/W2 (versions 6.2.0–6.2.2, 6.0.5 and below) and FortiAP-U (6.0.1 and below). The issue is an improper input validation in the FortiAP CLI admin console that may allow unauthorized administrators to overwrite system files using specially crafted tcpdump co...
Arbitrary file deletion vulnerability in beescms
BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. An arbitrary file deletion vulnerability exists in beescms, which can be exploited by an attacker to delete system files...
Fortinet FortiAP-S, FortiAP-W2 and FortiAP-U Input Validation Error Vulnerability
Fortinet FortiAP-S and others are controllers for managing wireless access point devices from Fortinet. An input validation error vulnerability exists in the FortiAP CLI management console in FortiAP-S, FortiAP-W2, and FortiAP-U. An attacker could exploit this vulnerability to overwrite system...
FortiAP system files overwrite via the tcpdump CLI command
...
Palo Alto Networks PAN-OS 7.1.x < 8.1.13 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 8.1.13 or 8.0.x prior to 8.1.13 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability. - A predictable temporary file vulnerability in PAN-OS allows a local authenticate...
CVE-2020-13149
Dragon Center (MSI) on MSI Gaming laptops is affected by CVE-2020-13149 due to weak ACLs on the %PROGRAMDATA%\MSI\Dragon Center folder in versions before 2.6.2003.2401. A local authenticated attacker can overwrite system files and escalate privileges, with attack approaches including replacing th...
Arbitrary File Download Vulnerability in AVCON6 System Management Platform of Huaping Information Technology Co.
Huaping Information Technology Co., Ltd. is a provider of video products and applications, mastering video processing, video and audio coding and decoding, and network adaptability. The AVCON6 system management platform of Huaping Information Technology Co., Ltd. suffers from an arbitrary file...
CVE-2020-1994
A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...
Command injection
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affect...
CVE-2020-2003
The CVE-2020-2003 issue affects PAN-OS when an authenticated administrator can exploit an external control of filename vulnerability in the command processing to delete arbitrary system files, compromising integrity and causing DoS of PAN-OS services. Affected are PAN-OS 7.1.x and 8.0.x; 8.1.x be...
CVE-2020-1994
The connected advisories confirm CVE-2020-1994 in PAN-OS: a predictable temporary file vulnerability exploitable by a local authenticated user with shell access, allowing corruption of arbitrary system files and compromising integrity. Affected: PAN-OS 7.1 and 8.0; PAN-OS 8.1 prior to 8.1.13; PAN...
PAN-OS: Predictable temporary file vulnerability
A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...
Cisco NX-OS Software Sensitive File Read Information Disclosure Vulnerability (cisco-sa-20190515-nxos-fxos-info)
According to its self-reported version, Cisco Nexus Operating System NX-OS is affected by the following vulnerability - A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive...
CVE-2020-11431
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal...