406 matches found
CVE-2021-34762
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...
CVE-2021-34762
A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...
CVE-2021-38477
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...
Ecoa Technologies Corp Ecoa Bas controller 路径遍历漏洞
ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to arbitrary file uploads, which can be exploited to send specially crafted URL requests to the /upload URI with the file name and rbt parameters containing The "dot"...
CVE-2021-3806
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system...
Path traversal
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system...
CVE-2021-3806
CVE-2021-3806 describes a path traversal vulnerability in Pardus Software Center’s extractArchive function. An attacker on the same network could leverage this to perform a man-in-the-middle and write files on the system. Reported across multiple sources (NVD entry, CVE listings, and PT-Security ...
Pardus 软件中心 路径遍历漏洞
Pardus is a Turkish Linux distribution. A security vulnerability exists in the center of the Pardus software, which stems from a path traversal vulnerability due to a lack of effective filtering of parameters in the extractArchive feature of the software, which could allow anyone on the same...
PT-2021-21942
Name of the Vulnerable Software and Affected Versions: Pardus Software Center affected versions not specified Description: A path traversal issue in the extractArchive function could allow an attacker on the same network to perform a man-in-the-middle attack and write files on the system...
CVE-2021-37173
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.14.1, RUGGEDCOM ROX RX1400 All versions V2.14.1, RUGGEDCOM ROX RX1500 All versions V2.14.1, RUGGEDCOM ROX RX1501 All versions V2.14.1, RUGGEDCOM ROX RX1510 All versions V2.14.1, RUGGEDCOM ROX RX1511 All versions V2.14.1,...
Path traversal
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket...
PT-2021-4048 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the SSH Server process could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This issue is due to...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2336)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Aruba Operating System 路径遍历漏洞
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. The vulnerability is caused by a failure to effectively validate and filter parameters, which could be exploited by an authenticated...
UBUNTU-CVE-2020-23171
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file...
CVE-2020-23171
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file...
CVE-2021-33211
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives...
IBM Cognos Analytics 授权问题漏洞
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A command execution vulnerabili...
CVE-2021-28584
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...
Cisco SD-WAN vManage 代码问题漏洞
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A code issue vulnerability exists in Cisco SD-WAN vManage Software, which could be exploited by an attacker to read or write files in an...