19 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the export process. An attacker can write files to arbitrary locations on the filesystem by uploading an asset with a crafted filename containing directory traversal sequences and then triggering an administrator...
CVE-2021-27221
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work...
CVE-2026-3113 mmctl export download command doesn’t restrict permissions to created file to file owner
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export. Mattermost Advisory ID: MMSA-2026-00593...
EUVD-2021-20314
Malware in sbrugna...
EUVD-2018-18190
Malware in sbrugna...
Imported Citrix Policy lists Delivery Group names from source site in the policy filter
If Citrix Policies are exported from a site and imported to a different site, the export carries Delivery Groups from the source site in the Assign Policy filter. Command to export & import policy: Export-BrokerDesktopPolicy | Out-File -FilePath C:\Temp\PolicyExport.txt Import-BrokerDesktopPolicy Get-Conte...
CVE-2021-33637 Export container in a malicious directory may cause process to be hijacked
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container...
CVE-2021-33637
CVE-2021-33637 describes a vulnerability in iSulad where, when the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. The Red Hat CVD entry mirrors this description. Several open‑source advisories (...
CVE-2021-27221
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work...
PT-2021-2491 · Mikrotik · Mikrotik Routeros
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS version 6.47.9 Description: The issue allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. It is noted that the vendor considers this behavior as intended due to how user...
MikroTik RouterOS Command Injection Vulnerability
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A security vulnerability exists in MikroTik RouterOS version 6.47.9 that allows remote authenticated ftp users to...
CVE-2020-10908
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-10908
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-10908
CVE-2020-10908 affects Foxit PhantomPDF 9.7.0.29478. The issue is a type confusion in the Export command handling within the communication API, arising from insufficient validation of user-supplied data. It enables remote code execution in the context of the current process and requires user inte...
Foxit Reader and PhantomPDF Type Obfuscation Remote Code Execution Vulnerability (CNVD-2020-24443)
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in the handling of the Export command in Foxit Reader and Foxit PhantomPDF 9.7.1.29511 and earlier versions for Windows platforms, which stems from the program's failure t...
SDWAN: NITRO API command to export configuration
How to export SDWAN configuration through NITRO API? Please use the below command to export SDWAN configuration through NITRO API: NOTE: The configuration export NITRO API command is available only from 10.2 build. First log in to the SDWAN device through NITRO API using the below command. Then Export th...
CVE-2018-6433
A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the source to a remote system...
MeshCMS Command Injection Vulnerability
MeshCMS is an online editing system developed in Java. The "exportCommand" parameter in the MeshCMS staticexport2.jsp file is vulnerable to command injection. An attacker can execute malicious commands...
Internet Access From Virtual Lab
Purpose This article documents how to enable machines operating within the Virtual Lab isolated network to access the internet. Solution The function documented in this KB enables the virtual lab proxy appliance to act as an internet proxy. This proxy function only passes web browser traffic. Thi...