
142 matches found

CNNVD
added 2022/05/12 12:0 a.m., 18 views

Cambium Networks cnMaestro Operating System Command Injection Vulnerability

Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...

CVSS 9.3 | AI score 7.5 | EPSS 0.00725
Exploits: 0 | References: 5
ATTACKERKB
added 2022/05/06 5:15 p.m., 3 views

CVE-2022-26070

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...

CVSS 4.3 | AI score 5.9 | EPSS 0.00605
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/05/06 5:15 p.m., 3 views

CVE-2022-26070

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...

CVSS 4.3 | AI score 5.8 | EPSS 0.00605
Exploits: 0 | References: 1
OSV
added 2022/04/28 11:15 a.m., 5 views

CVE-2021-33436

NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as ...

CVSS 7.3 | AI score 7.2 | EPSS 0.0027
Exploits: 0 | References: 4
OSV
added 2022/03/17 4:15 p.m., 2 views

CVE-2022-26526

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

CVSS 7.8 | AI score 5.8 | EPSS 0.00338
Exploits: 1 | References: 4
Prion
added 2022/03/17 4:15 p.m., 19 views

Design/Logic Flaw

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

CVSS 4.6 | AI score 7.6 | EPSS 0.00338
Exploits: 1 | References: 4 | Affected Software: 2
CVE
added 2022/03/17 2:57 p.m., 145 views

CVE-2022-26526

CVE-2022-26526 affects Anaconda3 up to 2021.11.0.0 and Miniconda3 up to 4.11.0.0. A world-writable directory can be created under %PROGRAMDATA% and added to the system PATH when installed in a non-default configuration (for all users and PATH changes). Local users could gain privileges by placing...

CVSS 7.8 | AI score 7.6 | EPSS 0.00338
Exploits: 1 | References: 4 | Affected Software: 2
Cvelist
added 2022/03/17 2:57 p.m., 25 views

CVE-2022-26526

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

AI score 7.9 | EPSS 0.00338
Exploits: 1 | References: 4
CNNVD
added 2022/03/17 12:0 a.m., 3 views

Anaconda Anaconda3 and Miniconda3 Code Issue Vulnerability

Anaconda3 and Miniconda3 are both products of Anaconda, Inc. of the U.S. Anaconda3 is a distribution of the Python and R programming languages for scientific computing data science, machine learning applications, large-scale data processing, predictive analytics, etc. Dedicated to simplifying...

CVSS 7.8 | AI score 7.5 | EPSS 0.00338
Exploits: 1 | References: 6
Exploit DB
added 2022/03/07 12:0 a.m., 288 views

Foxit PDF Reader 11.0 - Unquoted Service Path

Exploit Title: Foxit PDF Reader 11.0 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.foxit.com/pdf-reader/ Software Link: https://www.foxit.com/downloads/Foxit-Reader/ Version: 11.0.1.49938 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...

AI score 7.4
Exploits: 0
ATTACKERKB
added 2022/02/24 7:15 p.m., 5 views

CVE-2022-23135

There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which...

CVSS 6.5 | AI score 6.6 | EPSS 0.01375
Exploits: 0 | References: 2
OSV
added 2022/02/24 7:15 p.m., 3 views

CVE-2022-23135

There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which...

CVSS 6.5 | AI score 5.8 | EPSS 0.01375
Exploits: 0 | References: 1
Prion
added 2022/02/09 11:15 p.m., 21 views

Privilege escalation

SAP Adaptive Server Enterprise ASE - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The...

CVSS 4.4 | AI score 7.7 | EPSS 0.00316
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2022/01/28 12:0 a.m., 4 views

Hitachi Energy LinkOne Authorization Issue Vulnerability

Hitachi Energy LinkOne is an enterprise graphical parts catalog and content delivery solution from Hitachi Energy, Switzerland. It is used to publish, view and find spare parts for complex equipment and assemblies. A security vulnerability exists in Hitachi Energy LinkOne, which stems from a web...

CVSS 5.3 | AI score 5.8 | EPSS 0.00669
Exploits: 0 | References: 5
CNVD
added 2022/01/17 12:0 a.m., 15 views

ASUS RT-AX56U Path Traversal Vulnerability

ASUS RT-AX56U is a wireless router from ASUS Taiwan, China. A path traversal vulnerability exists in ASUS RT-AX56U, which stems from the insufficient filtering of special characters in URL parameters by the login function of ASUS RT-AX56U, which could be exploited by an unauthenticated LAN attacke...

CVSS 6.5 | AI score 4.5 | EPSS 0.00452
Exploits: 0 | References: 1
OSV
added 2021/08/09 8:42 p.m., 15 views

GHSA-PJXV-W3QJ-J8M3 Directory Traversal in elFinder.AspNet

This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...

CVSS 7.5 | AI score 7.5 | EPSS 0.01732
Exploits: 1 | References: 4
OSV
added 2021/07/28 4:15 p.m., 13 views

CVE-2021-23415

This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 2
NVD
added 2021/07/28 4:15 p.m., 6 views

CVE-2021-23415

This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...

CVSS 7.5 | EPSS 0.01732
Exploits: 1 | References: 2
Prion
added 2021/07/28 4:15 p.m., 18 views

Path traversal

This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...

CVSS 5 | AI score 7.5 | EPSS 0.01732
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2021/07/14 5:15 p.m., 19 views

CVE-2021-23407

This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 3