Lucene search
+L

403 matches found

OpenVAS
OpenVAS
added 2019/09/11 12:0 a.m.40 views

Microsoft .NET Framework Privilege Escalation Vulnerability (KB4514357)

This host is missing an important security update according to Microsoft KB4514357 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

5.5CVSS5.8AI score0.01039EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/08/21 7:9 p.m.22 views

CVE-2019-11601 Path traversal in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software

A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location...

9.1CVSS7.6AI score0.02688EPSS
Exploits0References1
NVD
NVD
added 2019/08/21 6:15 p.m.17 views

CVE-2019-12622

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging i...

5.5CVSS4.7AI score0.00262EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/07/31 11:15 p.m.24 views

CVE-2019-10185

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break o...

8.6CVSS7.2AI score0.04022EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/03 10:45 a.m.34 views

Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-3880)

Summary A Samba vulnerability affects IBM Spectrum Scale SMB protocol access method that could allow a remote authenticated attacker to traverse a symbolic link on the system and write files outside the SMB share. Vulnerability Details This vulnerability only affects systems having SMB1 and...

5.5CVSS0.5AI score0.03392EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2019/03/25 8:40 a.m.21 views

Directory Traversal

Caucho Quercus is vulnerable to directory traversal. A remote attacker is able to write files in arbitrary directories via the ../ characters within the pathname in an HTTP request...

5CVSS6.3AI score0.03488EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2019/02/07 6:50 p.m.6 views

USN-3885-1 openssh vulnerabilities

Harry Sintonen discovered multiple issues in the OpenSSH scp utility. If a user or automated system were tricked into connecting to an untrusted server, a remote attacker could possibly use these issues to write to arbitrary files, change directory permissions, and spoof client output...

6.8CVSS7AI score0.58204EPSS
Exploits9References4
Mageia
Mageia
added 2019/01/05 6:30 p.m.31 views

Updated plexus-archiver packages fix security vulnerability

A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...

5.5CVSS2.2AI score0.13179EPSS
Exploits1References2
CNVD
CNVD
added 2018/11/16 12:0 a.m.2 views

IBM WebSphere Application Server Path Traversal Vulnerability

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A directory traversal vulnerability exists in IBM WAS using...

6.3CVSS6.2AI score0.01951EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/31 12:0 a.m.4 views

CA Unified Infrastructure Management Lack of Authentication Vulnerability

CA Unified Infrastructure Management is a powerful unified IT monitoring solution that helps organizations deliver reliable, flexible IT services. A lack of authentication vulnerability exists in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, which can be exploited by a remote attack...

9.8CVSS9.6AI score0.02681EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/08/27 5:0 p.m.44 views

CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files...

7.8CVSS8AI score0.01916EPSS
Exploits0
OSV
OSV
added 2018/08/27 12:0 a.m.3 views

UBUNTU-CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files...

7.8CVSS5.8AI score0.01916EPSS
Exploits0References4
NVD
NVD
added 2018/08/20 7:31 p.m.17 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...

8.8CVSS9AI score0.02797EPSS
Exploits1References2
OSV
OSV
added 2018/08/20 7:31 p.m.15 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...

8.8CVSS7.7AI score
Exploits0References2
Cvelist
Cvelist
added 2018/08/20 7:0 p.m.22 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters...

9AI score0.02797EPSS
Exploits1References2
OSV
OSV
added 2018/08/20 2:29 a.m.4 views

CVE-2018-15573

An issue was discovered in Reprise License Manager RLM through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk as long as rlm.exe has access to it via /goform/editlfprocess with file content in the lfdata parameter and a pathname in the lf parameter. By...

8.8CVSS5.8AI score0.02146EPSS
Exploits3References2
CNVD
CNVD
added 2018/06/06 12:0 a.m.5 views

Jenkins path traversal vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor continuous software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins a long-ter...

8.1CVSS7.8AI score0.02612EPSS
Exploits0References1
Prion
Prion
added 2018/04/13 4:29 p.m.12 views

Design/Logic Flaw

playsservice.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extractfiles...

9.4CVSS9AI score0.01064EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/03/28 10:0 p.m.29 views

CVE-2018-0196

A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web...

5.2AI score0.01029EPSS
Exploits0References2
CNVD
CNVD
added 2018/02/26 12:0 a.m.7 views

Linux kernel NFS server (nfsd) file read vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the U.S. The NFS server nfsd is one of the network file system servers. A security vulnerability exists in the NFS server nfsd in versions prior to Linux kernel commit 1995266727fa. A remote...

7.4CVSS7.8AI score0.01411EPSS
Exploits0References1
Rows per page
Query Builder