Cisco Prime Collaboration Provisioning Tool Arbitrary File Overwrite Vulnerability
Cisco Prime Collaboration Provisioning Tool is a set of Web-based, next-generation communications services tools from Cisco. The tool provides IP communication services capabilities for IP telephony, voice mail and unified communications environments. A security vulnerability exists in the batch...
Input validation
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker coul...
Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker coul...
CVE-2017-7693
Directory traversal vulnerability in viewerscript.jsp in Riverbed OPNET App Response Xpert ARX version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files...
CVE-2017-12694
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files...
SpiderControl SCADA Web Server Directory Traversal Vulnerability
SCADA Web Server is a software management platform. Its implementation has a directory traversal vulnerability that allows an attacker to traverse into system files via a simple GET request...
Directory Traversal Vulnerability in Extremecom EWEBS Application Virtualization System
ExtremeWire EWEBS Application Virtualization System is a virtual application platform developed primarily for enterprise users. A directory traversal vulnerability exists in the Extremecom EWEBS Application Virtualization System. A remote attacker can exploit this vulnerability to view system fil...
SpiderControl SCADA Web Server
CVSS v3 5.3. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: SpiderControl. Equipment: SCADA Web Server. Vulnerability: Directory Traversal. AFFECTED PRODUCTS: The following versions of SpiderControl SCADA Web Server, a software management platform, are affected: SCADA Web Server...
UnRAR Directory Traversal Vulnerability
UnRAR is a command-line file decompression program for Windows and Linux platforms. UnRAR suffers from a directory traversal vulnerability: remote attackers can construct malicious files that, when parsed by the user, can overwrite system file...
Cisco ASR 5000 Series Aggregated Services Routers StarOS Arbitrary File Write Vulnerability
Cisco ASR 5000 Series Aggregated Services Routers are the ASR 5000 Series Aggregated Services Router products from Cisco. StarOS is the set of operating systems that run on them. An arbitrary file write vulnerability exists in StarOS in Cisco ASR 5000 Series Aggregated Services Routers version...
CVE-2017-6774
CVE-2017-6774 affects Cisco ASR 5000 Series Aggregated Services Routers running StarOS. The issue is an arbitrary file write via FTP: sensitive system/configuration files can be overwritten because they are exposed in specific FTP subdirectories. A remote, authenticated attacker could exploit thi...
Directory Traversal Vulnerability in Smart Audi App for Android
Smart Audi APP is car service software for Audi owners, providing vehicle physical examination, search navigation, fuel consumption statistics and other services. The Android version of Smart Audi APP has a directory traversal vulnerability; attackers can use the vulnerability to directly downlo...
Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP...
SAP NetWeaver Application Server Java Path Traversal Vulnerability
SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. A directory traversal vulnerability in scheduler/ui/js/ffffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver AS Java allows remote attackers to submit a...
Dell Storage Manager Directory Traversal Vulnerability
Dell Storage Manager can manage and monitor multiple storage centers, PSeries groups, FluidFS, and more. A directory traversal vulnerability exists in Dell Storage Manager, which allows remote attackers to submit a specially crafted request to view the contents of system files with WEB privileges...
Trend Micro Control Manager Directory Traversal Vulnerability
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A directory traversal vulnerability exists in Trend Micro Control Manager, which could be exploited by remote attackers to submit a specific request to execute arbitrary code or view...
Sendio Local File Inclusion Vulnerability
Sendio is affected by a Local File Inclusion vulnerability that allows an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.
Authentication Bypass
Moodle is vulnerable to authentication bypasses. A malicious user can pass a dataroot value to the system to bypass authentication and extract files on the system...
CVE-2016-10399
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL...