106 matches found
UBUNTU-CVE-2019-10161
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...
CVE-2018-14707
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations...
CVE-2017-8025
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may upload malicious files via attachments to arbitrary paths on the web server. Impact details are provided in the NVD entry (CVSS components present) and related adv...
Directory traversal
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors...
(Pwn2Own) Microsoft Internet Explorer ActiveX Install Broker Sandbox Escape Vulnerability
This vulnerability allows attackers to escape the Enhanced Protection Mode sandbox of vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
WebJeff Filemanager 1.6 File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7995/info A vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameters. A...