Lucene search
K

111 matches found

ATTACKERKB
ATTACKERKB
added 2022/01/19 8:4 a.m.6 views

CVE-2022-22679

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in support service management in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors...

6.5CVSS6AI score0.01157EPSS
Exploits0References2
OSV
OSV
added 2021/06/23 10:15 a.m.4 views

CVE-2021-29087

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors...

7.5CVSS7.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/06/11 12:0 a.m.4 views

PT-2021-16588 · Unknown · Telephonyui

Name of the Vulnerable Software and Affected Versions: TelephonyUI versions prior to SMR MAY-2021 Release 1 Description: The issue is related to improper access control in TelephonyUI, allowing local attackers to write arbitrary files of the telephony process via untrusted applications. This can ...

6.8CVSS5.4AI score0.0013EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.28 views

Ubuntu Apport 后置链接漏洞

Apport is a toolkit for collecting and giving feedback on error messages information that the operating system finds useful when an application crashes. A security vulnerability exists in Ubuntu Apport that stems from Apport incorrectly handling certain information-gathering operations, which can...

7.3CVSS6AI score0.00289EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.30 views

Ubuntu Apport 后置链接漏洞

Canonical Ubuntu is a GNU/Linux operating system from the British company Canonical that focuses on desktop applications. A security vulnerability exists in Ubuntu Apport that stems from the incorrect handling of certain information gathering operations, which can be exploited by an attacker who...

7.3CVSS6.6AI score0.00289EPSS
Exploits0References3
OSV
OSV
added 2021/05/25 4:52 p.m.21 views

USN-4965-1 apport vulnerabilities

Maik Münch discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use these issues to read and write arbitrary files as an administrator, and possibly escalate privileges...

7.3CVSS6.7AI score0.0039EPSS
Exploits1References12
OSV
OSV
added 2021/05/22 7:15 a.m.2 views

CVE-2021-1306

A vulnerability in the restricted shell of Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE, and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

3.4CVSS5.9AI score0.00212EPSS
Exploits0References1
Prion
Prion
added 2021/05/22 7:15 a.m.14 views

Input validation

A vulnerability in the restricted shell of Cisco Evolved Programmable Network EPN Manager, Cisco Identity Services Engine ISE, and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

3.6CVSS4.2AI score0.00212EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2021/04/09 6:15 p.m.4 views

CVE-2021-25361

An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications...

8.8CVSS5.9AI score0.00167EPSS
Exploits0References2
OSV
OSV
added 2021/03/24 8:15 p.m.4 views

CVE-2021-1385

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...

6.5CVSS7AI score0.02671EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/30 12:0 a.m.6 views

Umbraco 路径遍历漏洞

Umbraco is an open source content management system CMS based on ASP.NET technology. A path traversal vulnerability exists in Umbraco 8.9.1 and earlier versions during package installation. An attacker can use this vulnerability to write arbitrary files outside of the site home directory and...

6.5CVSS5.9AI score0.09369EPSS
Exploits4References5
OSV
OSV
added 2020/12/11 3:15 a.m.3 views

CVE-2020-9301

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...

8.8CVSS5.9AI score0.01504EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2020/11/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-25337

Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...

7.1CVSS6.4AI score0.02831EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/10/29 12:0 a.m.4 views

The numerous vulnerabilities in the API interface of the WADashboard component of the Advantech WebAccess software allow a perpetrator to write or overwrite any files in the file system.

The multiple vulnerabilities of the API interface of the WADashboard component in the Advantech WebAccess remote monitoring software are related to deficiencies in path validation before its use in file operations. Exploiting these vulnerabilities could allow a malicious actor to read arbitrary...

6.8CVSS5.7AI score0.32367EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/09/10 12:0 a.m.4 views

The vulnerability of the Cisco RoomOS operating system, related to permission handling errors, allows a intruder to write arbitrary files to the device’s file system.

The vulnerability of the Cisco RoomOS operating system is related to permission handling errors. Exploiting this vulnerability allows an attacker to write arbitrary files to the device’s file system with root privileges...

7.2CVSS5.6AI score0.00262EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/03/22 8:29 p.m.3 views

CVE-2019-1765

A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level...

6.5CVSS7AI score0.01391EPSS
Exploits0References1
Prion
Prion
added 2018/06/26 4:29 p.m.27 views

Directory traversal

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...

7.5CVSS9.3AI score0.04499EPSS
Exploits1References4Affected Software3
Cvelist
Cvelist
added 2018/06/26 4:0 p.m.44 views

CVE-2018-1000544

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...

9.3AI score0.04499EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2018/03/28 12:0 a.m.7 views

The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to write arbitrary files and execute arbitrary code.

The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform is related to the improper processing of the Opcode 10010 request. Exploiting this vulnerability allows a remote attacker to write arbitrary files and execute arbitrary code...

7.8CVSS8.2AI score0.12166EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/12/08 4:29 p.m.6 views

CVE-2017-15894

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager DSM 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the destfolderpath parameter...

6.5CVSS5.9AI score0.01974EPSS
Exploits0References1
Rows per page
Query Builder