
397 matches found

Prion
added 2020/07/17 11:15 p.m. · 12 views

Path traversal

HUAWEI Mate 20 versions earlier than 10.1.0.160C00E160R3P8, HUAWEI Mate 20 X versions earlier than 10.1.0.135C00E135R2P8, HUAWEI Mate 20 RS versions earlier than 10.1.0.160C786E160R3P8, and Honor Magic2 smartphones versions earlier than 10.1.0.160C00E160R2P11 have a path traversal vulnerability...

2.1 CVSS · 3.9 AI score · 0.00226 EPSS
Exploits 0 · References 1 · Affected Software 4

CISA
added 2020/05/22 12:0 a.m. · 24 views

Microsoft Releases Security Update for Edge

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

4.3 CVSS · 6.3 AI score · 0.02545 EPSS
Exploits 1 · References 1

Prion
added 2020/03/31 10:15 p.m. · 21 views

Path traversal

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions...

9.3 CVSS · 8.3 AI score · 0.02582 EPSS
Exploits 1 · References 3 · Affected Software 3

AlpineLinux
added 2020/03/31 9:1 p.m. · 62 views

CVE-2020-10696

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's system anywhere that the user has permissions...

9.3 CVSS · 8.6 AI score · 0.02582 EPSS
Exploits 1

Positive Technologies
added 2020/03/31 12:0 a.m. · 4 views

PT-2020-2769 · Red Hat +5 · Buildah +6

Name of the Vulnerable Software and Affected Versions: Buildah versions prior to 1.14.5
Description: A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPS server and then write files to the user's syst...

10 CVSS · 6.1 AI score · 0.89633 EPSS
Exploits 16 · References 120

CNVD
added 2020/02/28 12:0 a.m. · 3 views

Cisco FXOS Software Input Validation Error Vulnerability

Cisco FXOS Software is a set of firewall software from Cisco that runs in Cisco security appliances. An input validation error vulnerability exists in the CLI in Cisco FXOS Software, which arises from the program failing to perform sufficient input validation. A local attacker could exploit this...

6.7 CVSS · 6.6 AI score · 0.00285 EPSS
Exploits 0 · References 1

OSV
added 2020/02/26 5:15 p.m. · 4 views

CVE-2020-3166

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted...

6.7 CVSS · 6.1 AI score · 0.00285 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2020/01/27 12:0 a.m. · 3 views

The vulnerability of the XSLT (Extensible Stylesheet Language Transformations) implementation of the Apache Syncope system allows an attacker to read the file, write to the file, or execute arbitrary code.

The vulnerability of the XSLT (Extensible Stylesheet Language Transformations) implementation of the Apache Syncope system’s digital identifier management mechanism is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to read files, write files, or...

9 CVSS · 7.3 AI score · 0.18024 EPSS
Exploits 4 · References 3 · Affected Software 1

CNVD
added 2020/01/03 12:0 a.m. · 4 views

Cisco Data Center Network Manager REST API Path Traversal Vulnerability

Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A REST API path traversal vulnerability exists in Cisco Data Center Network Manage...

9 CVSS · 7.3 AI score · 0.4996 EPSS
Exploits 4 · References 1

OSV
added 2019/12/19 11:15 p.m. · 4 views

CVE-2019-19141

The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as on a default Ubuntu installation...

8.8 CVSS · 7.8 AI score · 0.04353 EPSS
Exploits 0 · References 1

OSV
added 2019/10/16 7:15 p.m. · 2 views

CVE-2019-15962

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...

4.4 CVSS · 5.8 AI score · 0.00256 EPSS
Exploits 0 · References 1

NVD
added 2019/10/16 7:15 p.m. · 13 views

CVE-2019-15962

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...

6.6 CVSS · 4.6 AI score · 0.00256 EPSS
Exploits 0 · References 1

CVE
added 2019/10/16 6:36 p.m. · 71 views

CVE-2019-15962

CVE-2019-15962 describes a local arbitrary file write vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software. The root cause is improper permission assignment in the CLI, allowing an authenticated, local attacker to log in as the remotesupport user and write files to the /root d...

6.6 CVSS · 4.5 AI score · 0.00256 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2019/10/16 12:45 p.m. · 17 views

CVE-2019-4031

IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997...

8.4 CVSS · 7.5 AI score · 0.00309 EPSS
Exploits 0 · References 2

OpenVAS
added 2019/09/11 12:0 a.m. · 40 views

Microsoft .NET Framework Privilege Escalation Vulnerability (KB4514357)

This host is missing an important security update according to Microsoft KB4514357. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This...

5.5 CVSS · 5.8 AI score · 0.0097 EPSS
Exploits 0 · References 1

Cvelist
added 2019/08/21 7:9 p.m. · 20 views

CVE-2019-11601 Path traversal in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software

A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location...

9.1 CVSS · 7.6 AI score · 0.02688 EPSS
Exploits 0 · References 1

NVD
added 2019/08/21 6:15 p.m. · 15 views

CVE-2019-12622

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...

5.5 CVSS · 4.7 AI score · 0.00262 EPSS
Exploits 0 · References 1

UbuntuCve
added 2019/07/31 11:15 p.m. · 23 views

CVE-2019-10185

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break o...

8.6 CVSS · 7.2 AI score · 0.04022 EPSS
Exploits 0 · References 5

IBM Security Bulletins
added 2019/06/03 10:45 a.m. · 34 views

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-3880)

Summary: A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to traverse a symbolic link on the system and write files outside the SMB share.
Vulnerability Details: This vulnerability only affects systems having SMB1 and...

5.5 CVSS · 0.5 AI score · 0.03392 EPSS
Exploits 0 · Affected Software 1

Veracode
added 2019/03/25 8:40 a.m. · 19 views

Directory Traversal

Caucho Quercus is vulnerable to directory traversal. A remote attacker is able to write files in arbitrary directories via the ../ characters within the pathname in an HTTP request...

5 CVSS · 6.3 AI score · 0.03488 EPSS
Exploits 0 · References 5 · Affected Software 1