Lucene search
K

38 matches found

NVD
NVD
added 2026/04/27 9:16 p.m.4 views

CVE-2026-3087

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

7.5CVSS0.00531EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-7282

Malware in sbrugna...

7.8CVSS7.8AI score0.01195EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-3483

Malware in sbrugna...

5CVSS6.4AI score0.01175EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/21 8:23 p.m.6 views

CVE-2006-3488

Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim...

5CVSS7.3AI score0.01175EPSS
Exploits0References1
Citrix
Citrix
added 2023/09/04 12:0 a.m.9 views

How to specify the drive letter for the MCSIO Write Cache disk

Setting a specific Windows Drive letter to the disk created by the MCS Write Cache mechanism MCS IO / MCSWCDisk...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.3 views

SUSE CVE-2017-9502

In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with sev...

5.3CVSS7.1AI score0.03287EPSS
Exploits0References3
Citrix
Citrix
added 2022/10/28 12:0 a.m.9 views

A System Reserved partition is visible in a vDisk when it is created using the Imaging Wizard.

Using the Imaging Wizard a new vDisk is created. A drive letter is assigned to the System Reserved partition and it is visible in the new vDisk. It is expected behavior by design. The System Reserved partition should be invisible to users. Before publishing the vDisk to target devices, the drive...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2021/10/21 3:15 p.m.96 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/10/21 2:46 p.m.32 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS8.3AI score0.0434EPSS
Exploits0
Citrix
Citrix
added 2021/09/01 12:0 a.m.11 views

Explaining and Troubleshooting WriteCache Disk Drive Letter Assignment

This article explains the process involved on drive letter assignments for target devices and how to troubleshoot writecache drive letter changes. Background Mount Manager is the component responsible for managing volume names and drive letter assignments on windows. It has a database that is...

6.8AI score
Exploits0
AlpineLinux
AlpineLinux
added 2021/08/31 4:50 p.m.38 views

CVE-2021-37713

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

8.6CVSS8.8AI score0.01263EPSS
Exploits0
Citrix
Citrix
added 2020/04/06 12:0 a.m.8 views

PVS Detach and Attach Write Cache Disk Drive Letter Changed

Detach and attach write cache disk,TD drive letter changes...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2020/02/15 11:5 a.m.30 views

Internet Bug Bounty: PHP builded for Windows with TS support does not resolve relalative paths with drive letter correctly

Currently PHP process Windows paths like C:Users as if they were absolute. But they are not and PHP builded with TS thread-safe support currently points to root drive location instead of the current directory. This gives the attaker unlimited access to the root drive if a the path is...

6.9AI score
Exploits0
Prion
Prion
added 2017/10/03 1:29 a.m.24 views

Directory traversal

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges...

7.2CVSS7.1AI score0.01195EPSS
Exploits1References6Affected Software3
NVD
NVD
added 2017/10/03 1:29 a.m.24 views

CVE-2015-7358

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges...

7.8CVSS7.7AI score0.01195EPSS
Exploits1References6
CVE
CVE
added 2017/10/02 7:0 p.m.88 views

CVE-2015-7358

CVE-2015-7358 affects TrueCrypt 7.0, VeraCrypt (before 1.15), and CipherShed; the IsDriveLetterAvailable check in the Windows driver (Driver/Ntdriver.c) fails to validate drive-letter symbolic links, enabling a local attacker to remap a system drive and gain full privileges via the GLOBAL?? entry...

7.8CVSS7.6AI score0.01195EPSS
Exploits1References6Affected Software3
Cvelist
Cvelist
added 2017/10/02 7:0 p.m.21 views

CVE-2015-7358

The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges...

7.7AI score0.01195EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2017/08/01 12:0 a.m.143 views

Microsoft Windows LNK Shortcut File Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Remote Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK...

9.3CVSS6.4AI score0.90026EPSS
Exploits27
curl security advisories
curl security advisories
added 2017/06/14 8:0 a.m.7 views

URL file scheme drive letter buffer overflow

When libcurl is given either 1. a file: URL that does not use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcurl would copy the path...

5.3CVSS6.2AI score0.03287EPSS
Exploits0Affected Software2
OSV
OSV
added 2017/06/14 8:0 a.m.9 views

CURL-CVE-2017-9502 URL file scheme drive letter buffer overflow

When libcurl is given either 1. a file: URL that does not use two slashes following the colon, or 2. is told that file is the default scheme to use for URLs without scheme ... and the given path starts with a drive letter and libcurl is built for Windows or DOS, then libcurl would copy the path...

5.3CVSS5.3AI score0.03287EPSS
Exploits0
Rows per page
Query Builder