Lucene search
K

91 matches found

NVD
NVD
added 2024/03/21 11:15 p.m.15 views

CVE-2024-28171

It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten...

8.1CVSS8.1AI score0.00646EPSS
Exploits0References1
Prion
Prion
added 2024/02/02 12:15 a.m.25 views

Privilege escalation

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation...

4.3CVSS7.2AI score0.00159EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/04 12:0 a.m.4 views

PT-2023-15475 · Imo.Im · Imo.Im

Name of the Vulnerable Software and Affected Versions: imo.im version 2022.11.1051 Description: A path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library...

9.8CVSS9.4AI score0.00956EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2023/04/19 12:0 a.m.326 views

VMware Workspace ONE Access Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...

7.8CVSS8.7AI score0.37171EPSS
Exploits8
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.3 views

SUSE CVE-2017-10688

In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tifdirwrite.c. A crafted input will lead to a remote denial of service attack...

7.5CVSS6.8AI score0.06721EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.3 views

PT-2023-1328 · Atlassian · Jira Service Management Server

Name of the Vulnerable Software and Affected Versions: Jira Service Management Server and Data Center versions 5.3.0 through 5.5.0 Description: An authentication issue in Jira Service Management Server and Data Center allows an attacker to impersonate another user and gain access to a Jira Servic...

9.4CVSS9.9AI score0.15978EPSS
Exploits0References14
NVD
NVD
added 2022/12/22 8:15 p.m.28 views

CVE-2022-22753

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.This bug only affects Firefox on Windows. Other operating systems are unaffected.. This...

7.1CVSS0.00632EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.15 views

OFFIS DCMTK 路径遍历漏洞

OFFIS DCMTK is a collection of libraries and applications from OFFIS Germany that implement most of the DICOM standards. Software for examining, building and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...

9.8CVSS7.6AI score0.02846EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/01/14 12:0 a.m.50 views

Samba 4.13.x < 4.13.16 Arbitrary Directory Write

The version of Samba running on the remote host is 4.13.x prior to 4.13.16. It is, therefore, potentially affected by a SMB1 or NFS symlink race condition. A remote authenticated attacker, using the race condition, could potentially create a directory outside of the exported share. Note that Ness...

2.5CVSS6.3AI score0.00376EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/12/27 12:0 a.m.3 views

PT-2021-24298 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: An arbitrary file upload issue was discovered, allowing unauthenticated users to upload files to any directory. This could enable attackers to write a cron job for command execution. Recommendations: Fo...

9.8CVSS9.6AI score0.01858EPSS
Exploits1References3
NVD
NVD
added 2021/01/20 7:15 p.m.21 views

CVE-2020-6024

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users...

7.8CVSS7.7AI score0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/01/20 6:17 p.m.30 views

CVE-2020-6024

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users...

7.8AI score0.00265EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/06/09 12:0 a.m.5 views

The vulnerability of the FTP server of the Internet Information Services network services on the XP-8741-Atom industrial controller allows a hacker to perform write operations on the root directory of the FTP server.

The vulnerability of the FTP server of the Internet Information Services network services on the XP-8741-Atom controller is due to deficiencies in the access restrictions for the anonymous user. Exploiting this vulnerability allows a malicious actor to perform write operations to the root directo...

4.9CVSS5.5AI score
Exploits0Affected Software1
CNVD
CNVD
added 2020/04/03 12:0 a.m.4 views

B&R Automation Automation Studio Path Traversal Vulnerability

B&R Automation Automation Studio is an automation control system. A path traversal vulnerability exists in B&R Automation Automation Studio, which can be exploited by an attacker to write to certain local directories...

7.5CVSS6.8AI score0.01246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/03/27 8:13 a.m.47 views

CVE-2020-10691

An archive traversal flaw was found in Ansible Engine when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system. Mitigation A possibl...

5.2CVSS2.9AI score0.00358EPSS
Exploits0References3
OSV
OSV
added 2019/02/20 3:29 a.m.8 views

DEBIAN-CVE-2019-8943

WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...

6.5CVSS7AI score0.91985EPSS
Exploits9References1
CNVD
CNVD
added 2019/02/20 12:0 a.m.8 views

WordPress path traversal vulnerability (CNVD-2019-31837)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress suffers from a path traversal vulnerability. An attacker can exploit this vulnerability to write an...

6.5CVSS6.9AI score0.91985EPSS
Exploits9References1
Cvelist
Cvelist
added 2018/10/30 6:0 a.m.26 views

CVE-2018-18831

An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file in the position parameter to an arbitrary directory via a ../ Directory Traversal in the url parameter...

7.5AI score0.01543EPSS
Exploits0References1
NVD
NVD
added 2018/09/12 1:29 p.m.20 views

CVE-2018-13806

A vulnerability has been identified in SIEMENS TD Keypad Designer All versions. A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access...

9.3CVSS7.7AI score0.01439EPSS
Exploits0References1
OSV
OSV
added 2018/05/10 2:29 a.m.3 views

ALPINE-CVE-2018-10963

The TIFFWriteDirectorySec function in tifdirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service assertion failure and application crash via a crafted file, a different vulnerability than CVE-2017-13726...

6.5CVSS6.8AI score0.03765EPSS
Exploits1References1
Rows per page
Query Builder