112 matches found

CVE
added 2019/12/13 5:6 p.m. · 89 views

CVE-2019-19790

CVE-2019-19790 affects Telerik UI for ASP.NET AJAX RadChart. The vulnerability is a path traversal in RadChart that allows a remote attacker to read and delete image files with extensions .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server via a specially crafted request. Root cau...

CVSS: 9.8 · AI score: 9.2 · EPSS: 0.02991
Exploits: 0 · References: 3 · Affected Software: 2

Cvelist
added 2019/12/13 5:6 p.m. · 16 views

CVE-2019-19790

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart...

AI score: 9.4 · EPSS: 0.02991
Exploits: 0 · References: 3

Positive Technologies
added 2019/12/13 12:0 a.m. · 4 views

PT-2019-15960 · Telerik · Telerik Ui For Asp.Net Ajax

Name of the Vulnerable Software and Affected Versions: Telerik UI for ASP.NET AJAX versions all versions of RadChart
Description: The issue allows a remote attacker to read and delete specific image files on the server through a specially crafted request, exploiting path traversal in RadChart. Th...

CVSS: 9.8 · AI score: 9.2 · EPSS: 0.02991
Exploits: 0 · References: 5

OSV
added 2019/11/13 11:15 p.m. · 2 views

CVE-2019-0388

SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.00727
Exploits: 0 · References: 2

NVD
added 2019/11/13 11:15 p.m. · 26 views

CVE-2019-0388

SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...

CVSS: 5.3 · AI score: 5.2 · EPSS: 0.00727
Exploits: 0 · References: 2

Prion
added 2019/11/13 11:15 p.m. · 18 views

Design/Logic Flaw

SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...

CVSS: 5 · AI score: 5.2 · EPSS: 0.00727
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2019/11/13 10:17 p.m. · 28 views

CVE-2019-0388

SAP UI5 HTTP Handler corrected in SAPUI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI700 version 2.0 allows an attacker to manipulate content due to insufficient URL validation...

AI score: 5.3 · EPSS: 0.00727
Exploits: 0 · References: 2

CVE
added 2019/11/13 10:17 p.m. · 51 views

CVE-2019-0388

CVE-2019-0388 affects the SAP UI5 HTTP Handler and is due to insufficient URL validation, enabling an attacker to manipulate content. The vulnerability is addressed by fixes in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 v2.0. Exploitation details are not provided in the connected ...

CVSS: 5.3 · AI score: 5.2 · EPSS: 0.00727
Exploits: 0 · References: 2 · Affected Software: 1

Symantec
added 2019/11/12 12:0 a.m. · 55 views

SAP UI5 HTTP Handler CVE-2019-0388 Unspecified Content Spoofing Vulnerability

Description: SAP UI5 HTTP Handler is prone to an unspecified content-spoofing vulnerability. Attackers can exploit this issue to manipulate and spoof content, which may aid in further attacks.
Technologies Affected: SAP SAPUI5, SAP UI 7.5, SAP UI 7.51, SAP UI 7.52, SAP UI 7.53, SAP UI 7.54
Recommendatio...

AI score: 5.6 · EPSS: 0.00727
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2019/03/27 12:0 a.m. · 30 views

openSUSE Security Update : znc (openSUSE-2019-571)

This update for znc fixes the following issues:
- Update to version 1.7.1
- CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281
- CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280
- Update to...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.02017
Exploits: 0 · References: 4

Tenable Nessus
added 2018/08/08 12:0 a.m. · 24 views

openSUSE Security Update : znc (openSUSE-2018-819)

This update for znc fixes the following issues:
- Update to version 1.7.1
- CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281
- CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280
- Update to...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.02017
Exploits: 0 · References: 4

OPENSUSE Linux
added 2018/08/07 3:9 p.m. · 70 views

Security update for znc (moderate)

This update for znc fixes the following issues:
- Update to version 1.7.1
  CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281
  CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280
- Update to...

AI score: 0.5 · EPSS: 0.02017
Exploits: 0 · References: 2

OPENSUSE Linux
added 2018/08/07 3:7 p.m. · 61 views

Security update for znc (moderate)

This update for znc fixes the following issues:
- Update to version 1.7.1
  CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281
  CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280
- Update to...

AI score: 0.5 · EPSS: 0.02017
Exploits: 0 · References: 2

OSV
added 2018/07/10 9:29 p.m. · 2 views

CVE-2018-3628

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet...

CVSS: 8.8 · AI score: 6.1
Exploits: 0 · References: 4

Prion
added 2018/07/10 9:29 p.m. · 22 views

Buffer overflow

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet...

CVSS: 8.3 · AI score: 9 · EPSS: 0.01384
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2018/07/10 9:0 p.m. · 29 views

CVE-2018-3628

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet...

AI score: 9 · EPSS: 0.01384
Exploits: 0 · References: 4

Zero Day Initiative
added 2015/09/23 12:0 a.m. · 35 views

Kaseya Virtual System Administrator Authenticated Remote File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is required to exploit this vulnerability. The specific flaw exists within the json.ashx HTTP handler, which does not restrict destination file...

CVSS: 6.5 · AI score: 9.6 · EPSS: 0.13577
Exploits: 7 · References: 1

NVD
added 2014/12/24 12:59 a.m. · 26 views

CVE-2014-7999

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565...

CVSS: 7.7 · AI score: 6.5 · EPSS: 0.00731
Exploits: 0 · References: 2

NVD
added 2014/12/24 12:59 a.m. · 17 views

CVE-2014-7994

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID...

CVSS: 5.4 · AI score: 7.7 · EPSS: 0.00677
Exploits: 0 · References: 2

Prion
added 2014/12/24 12:59 a.m. · 18 views

Code injection

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565...

CVSS: 7.7 · AI score: 7 · EPSS: 0.00731
Exploits: 0 · References: 2 · Affected Software: 3