567 matches found
SUSE CVE-2016-6255
Portable UPnP SDK aka libupnp before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler...
JSA10376 - Pulse Policy Secure (PPS) Infranet Controller Webroot Path Disclosure Vulnerability
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. By requesting the 'remediate.cgi' script omitting certain parameters, the embedded IC web server returns the physical path of the webroot '/home/webserver/htdocs/' within an "Execute...
CVE-2022-42972
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -...
CVE-2022-42972
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -...
CVE-2022-42972
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -...
Schneider Electric Easy UPS Online Monitoring Software 安全漏洞
Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from Schneider Electric, a French company. A security vulnerability exists in Schneider Electric Easy UPS Online Monitoring Software, which stems from a Critical Resource Privilege Assignment Incorrect...
CVE-2023-24027
In MISP 2.4.167, app/webroot/js/actiontable.js allows XSS via a network history name...
CVE-2023-24026
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload...
CVE-2022-3184
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory...
Directory traversal
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory...
CVE-2022-3184
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory...
Dataprobe iBoot-PDU 路径遍历漏洞
The Dataprobe iBoot-PDU is a web-accessible managed PDU independently controlled outlet from Dataprobe USA. A path traversal vulnerability exists in the Dataprobe iBoot-PDU FW that stems from its firmware allowing unauthenticated users to access old PHP pages susceptible to directory traversal,...
PT-2022-4840 · Dataprobe · Dataprobe Iboot Pdu
Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 Description: The issue is related to the device's existing firmware, which allows unauthenticated users to access an old PHP page vulnerable to directory traversal. This may enable a user...
CVE-2021-40424
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL...
CVE-2021-40425
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL...
CVE-2021-40425
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL...
CVE-2021-40424
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL...
Design/Logic Flaw
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL...
Design/Logic Flaw
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL...
CVE-2021-40425
An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B03 of Webroot Secure Anywhere 21.4. A specially-crafted executable can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability. An out-of-bounds read vulnerability exists in the IOCTL...