
397 matches found

Positive Technologies
added 2021/09/18 12:0 a.m. · 4 views

PT-2021-21942

Name of the Vulnerable Software and Affected Versions: Pardus Software Center (affected versions not specified). Description: A path traversal issue in the extractArchive function could allow an attacker on the same network to perform a man-in-the-middle attack and write files on the system...

CVSS 7.1 · AI score 6.1 · EPSS 0.00676
Exploits 1 · References 8
CNNVD
added 2021/09/18 12:0 a.m. · 2 views

Pardus Software Center Path Traversal Vulnerability

Pardus is a Turkish Linux distribution. A security vulnerability exists in the Pardus Software Center. It stems from a path traversal flaw caused by a lack of effective filtering of parameters in the extractArchive feature of the software, which could allow anyone on the same...

CVSS 7.1 · AI score 5.7 · EPSS 0.00676
Exploits 1 · References 2
Prion
added 2021/09/09 7:15 p.m. · 15 views

Path traversal

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket...

CVSS 3.3 · AI score 6.5 · EPSS 0.0016
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2021/09/08 12:0 a.m. · 2 views

PT-2021-4048 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the SSH Server process could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This issue is due to...

CVSS 8.5 · AI score 7.9 · EPSS 0.0153
Exploits 0 · References 7
OpenVAS
added 2021/09/04 12:0 a.m. · 33 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2336)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 · AI score 7 · EPSS 0.06563
Exploits 5 · References 2
CNNVD
added 2021/09/01 12:0 a.m. · 3 views

Aruba Operating System Path Traversal Vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. The vulnerability is caused by a failure to effectively validate and filter parameters, which could be exploited by an authenticated...

CVSS 7.2 · AI score 5.9 · EPSS 0.00315
Exploits 0 · References 5
OSV
added 2021/08/10 5:15 p.m. · 3 views

UBUNTU-CVE-2020-23171

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file...

CVSS 5.5 · AI score 6.2 · EPSS 0.00656
Exploits 1 · References 3
Cvelist
added 2021/08/10 3:6 p.m. · 17 views

CVE-2020-23171

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file...

AI score 5.5 · EPSS 0.00656
Exploits 1 · References 1
Cvelist
added 2021/07/14 1:48 p.m. · 30 views

CVE-2021-33211

A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives...

AI score 6.5 · EPSS 0.01705
Exploits 1 · References 2
CNNVD
added 2021/05/28 12:0 a.m. · 3 views

IBM Cognos Analytics Authorization Issue Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A command execution vulnerabili...

CVSS 10 · AI score 8.6 · EPSS 0.02935
Exploits 0 · References 5
ATTACKERKB
added 2021/05/11 11:0 p.m. · 2 views

CVE-2021-28584

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme. Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...

CVSS 7.2 · AI score 5.6 · EPSS 0.0178
Exploits 0 · References 2
CNNVD
added 2021/04/21 12:0 a.m. · 3 views

Cisco SD-WAN vManage Code Issue Vulnerability

Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A code issue vulnerability exists in Cisco SD-WAN vManage Software, which could be exploited by an attacker to read or write files in an...

CVSS 6.4 · AI score 5.8 · EPSS 0.00859
Exploits 0 · References 6
Tenable Nessus
added 2021/03/31 12:0 a.m. · 118 views

VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004)

The version of VMware vRealize Operations (vROps) Manager running on the remote web server is 7.5.x prior to 7.5.0.17771878, 8.0.0 prior to 8.0.1.17771851, or 8.1.0 prior to 8.1.1.17772462 or 8.2.0 prior to 8.2.0.17771778 or 8.3.0 prior to 8.3.0.17787340. It is, therefore, affected by a multiple...

CVSS 8.5 · AI score 7.6 · EPSS 0.78435
Exploits 12 · References 3
CNNVD
added 2021/03/24 12:0 a.m. · 4 views

Cisco IOx Path Traversal Vulnerability

Cisco IOx is a secure development environment from Cisco (U.S.) that combines Cisco IOS and Linux OS for secure network connectivity and the development of IoT applications. A security vulnerability exists in the Cisco IOx application, which can be exploited by a remote attacker to conduc...

CVSS 6.5 · AI score 7.1 · EPSS 0.02671
Exploits 1 · References 6
ATTACKERKB
added 2021/03/10 12:0 a.m. · 2 views

CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469...

CVSS 5.1 · AI score 6.2 · EPSS 0.00339
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/02/15 4:15 p.m. · 2 views

CVE-2020-29026

A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c...

CVSS 6.5 · AI score 6.7 · EPSS 0.01458
Exploits 0 · References 1
OSV
added 2021/01/28 1:41 p.m. · 2 views

USN-4707-1 tcmu vulnerability

It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request...

CVSS 8.1 · AI score 7.3 · EPSS 0.02649
Exploits 0 · References 2
CNNVD
added 2020/12/18 12:0 a.m. · 5 views

uftpd Path Traversal Vulnerability

uftpd is a Linux-based FTP/TFTP file transfer server from the Swedish individual developer Joachim Nilsson. A path traversal vulnerability exists in uftpd FTP server versions 2.7 to 2.10, which stems from multiple unauthenticated directory traversal vulnerabilities in different FTP commands, due ...

CVSS 9.8 · AI score 7.7 · EPSS 0.25249
Exploits 4 · References 7
CNVD
added 2020/11/05 12:0 a.m. · 2 views

Cisco SD-WAN vManage XML External Entity Injection Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An XML external entity injection vulnerability exists in the web UI of Cisco SD-WAN vManage 20.1.12 and earlier. The vulnerability stems from improper handling of XML External Entity (XXE)...

CVSS 8.1 · AI score 7.3 · EPSS 0.00734
Exploits 0 · References 1
Veracode
added 2020/08/17 4:54 a.m. · 27 views

Directory Traversal

openapi-python-client is vulnerable to directory traversal. An attacker is able to write files on arbitrary locations on disk by generating a client with a malicious OpenAPI document...

CVSS 4.1 · AI score 4 · EPSS 0.00944
Exploits 0 · References 4 · Affected Software 1