Lucene search
K

5 matches found

OSV
OSV
added 2020/08/31 5:15 p.m.2 views

CVE-2020-7521

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories...

9.8CVSS7.3AI score0.01659EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2018/05/17 12:0 a.m.4 views

Cisco Prime File Upload Servlet Remote Code Execution (CVE-2018-0258)

A remote code execution vulnerability has been reported in Cisco Prime File Upload Servlet. This is due to improper input validation of the parameters in the HTTP request and a processing error in the role-based access control RBAC of URLs. A remote attacker could exploit this vulnerability by...

10CVSS9.7AI score0.49867EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.5 views

UberFire: Information disclosure and RCE via insecure file upload/download servlets

It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...

6.8CVSS6.2AI score0.03101EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.6 views

UberFire: Information disclosure and RCE via insecure file upload/download servlets

It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...

6.8CVSS6.2AI score0.03101EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2015/01/13 12:0 a.m.34 views

Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Lexmark MarkVision Enterprise Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Lexmark...

10CVSS7.4AI score0.77198EPSS
Exploits6
Rows per page
Query Builder