2184 matches found
Docker API Endpoint Path Traversal Vulnerability
Docker is an open source application container engine from the American company Docker. A path traversal vulnerability exists in the Docker API endpoint, allowing remote attackers to exploit the vulnerability by submitting a special request to read system files in the application context...
CVE-2018-7824
An Externally Controlled Reference to a Resource CWE-610 vulnerability exists in Schneider Electric Modbus Serial Driver For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior which could allow write acce...
Spoofing
An Externally Controlled Reference to a Resource CWE-610 vulnerability exists in Schneider Electric Modbus Serial Driver For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior which could allow write acce...
Directory Traversal
algo-httpserv is vulnerable to directory traversal. A lack of validation in the URI allows a remote attacker to inject ../ characters in the URI to retrieve system files such as /etc/passwd, or potentially cause a system crash by accessing /dev/null...
Medium: libqb
Issue Overview: A flaw was found in libqb. Insecure handling of temporary files could be exploited by a local attacker to overwrite privileged system files. Upstream issue: https://github.com/ClusterLabs/libqb/issues/338 Affected Packages: libqb Note: This advisory is applicable to Amazon Linux 2...
Design/Logic Flaw
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of...
CVE-2019-1728 Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of...
Node.js third-party modules: [http_server] Path Traversal allowing to read any files on the server
I would like to report path traversal vulnerability in module "httpserver" It allows an attacker to read any files even system files via this path traversal vulnerability. Module module name: httpserver version: 1.0.12 npm page: https://www.npmjs.com/package/httpserver Module Description 一个静态服务器...
Node.js third-party modules: [hnzserver] Path Traversal allowing to read any files on the server
I would like to report path traversal vulnerability in module "hnzserver" It allows an attacker to read any files even system files via this path traversal vulnerability. Module module name: hnzserver version: 2.0.6 npm page: https://www.npmjs.com/package/hnzserver Module Description 静态服务器 means...
CVE-2019-6614
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...
CVE-2019-6614
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented in appliance mode to overwrite...
CVE-2019-6616
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode...
CVE-2019-6616
CVE-2019-6616 affects F5 BIG-IP. Administrative users with TMSH access can overwrite critical system files, bypassing appliance-mode whitelist/blacklist restrictions, enabling privilege escalation. Affected versions: BIG-IP 11.5.2–11.5.8, 11.6.1–11.6.3.4, 12.1.0–12.1.4, 13.0.0–13.1.1.4, 14.0.0–14...
CVE-2019-1836
A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...
CVE-2019-1836
A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...
Design/Logic Flaw
A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...
CVE-2019-1836
CVE-2019-1836 affects Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode. The issue is a symbolic link path traversal in the system shell caused by incorrect symbolic-link verification of directory paths, enabling an authenticated, local attacker with valid c...
CVE-2019-1836 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal Vulnerability
A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal Vulnerability
A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...
CVE-2019-1835
A vulnerability in the CLI of Cisco Aironet Access Points APs could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerabili...