2100 matches found

OSV
added 2020/08/25 9:15 p.m., 0 views

CVE-2020-17387

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 8.8, AI score 6.2
Exploits 0, References 2

OSV
added 2020/08/13 9:23 p.m., 2 views

USN-4459-1 salt vulnerabilities

It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. CVE-2018-15750 It was discovered that Salt has a vulnerability that allows a user to bypass authentication. An attacker could use that to...

CVSS 9.8, AI score 7.3, EPSS 0.94234
Exploits 24, References 6

CNVD
added 2020/08/11 12:0 a.m., 3 views

Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46344)

Marvell QConvergeConsole QCC is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A remote code execution vulnerability exists in the saveAsText method of the...

CVSS 9, AI score 8.2, EPSS 0.02934
Exploits 1, References 1

CNVD
added 2020/08/11 12:0 a.m., 2 views

Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46340)

Marvell QConvergeConsole QCC is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A security vulnerability in the decryptFile method of the FlashValidatorServiceImpl class i...

CVSS 10, AI score 7.4, EPSS 0.19374
Exploits 0, References 1

CNVD
added 2020/08/11 12:0 a.m., 3 views

Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46346)

Marvell QConvergeConsole QCC is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A remote code execution vulnerability exists in the getFileFromURL method of the...

CVSS 9, AI score 8.2, EPSS 0.06018
Exploits 1, References 1

CNVD
added 2020/07/30 12:0 a.m., 1 views

CentOS Web Panel Code Issue Vulnerability

CentOS Web Panel CWP is a free web hosting control panel. A code issue vulnerability exists in the ajaxmodsecurity.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which stems from not properly validating user-supplied paths. An attacker could exploit the vulnerability to execute code...

CVSS 10, AI score 7.3, EPSS 0.0208
Exploits 0, References 1

NVD
added 2020/07/28 5:15 p.m., 9 views

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

CVSS 10, AI score 9.7, EPSS 0.0208
Exploits 0, References 1

CNVD
added 2020/07/06 12:0 a.m., 1 views

SolarWinds Serv-U FTP Server Input Validation Error Vulnerability

SolarWinds Serv-U FTP Server is a set of U.S. SolarWinds FTP and MFT file transfer software. A security vulnerability exists in SolarWinds Serv-U FTP Server versions prior to 15.2.1 that stems from the server not validating parameter paths. No details of the vulnerability are provided at this tim...

CVSS 9.8, AI score 6.8, EPSS 0.04449
Exploits 0, References 1

OSV
added 2020/07/05 10:15 p.m., 1 views

CVE-2020-15543

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path...

CVSS 9.8, AI score 7.3, EPSS 0.04449
Exploits 0, References 1

NVD
added 2020/07/05 10:15 p.m., 16 views

CVE-2020-15543

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path...

CVSS 9.8, EPSS 0.04449
Exploits 0, References 1

Cvelist
added 2020/07/05 9:4 p.m., 8 views

CVE-2020-15543

SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path...

AI score 9.6, EPSS 0.04449
Exploits 0, References 1

CNVD
added 2020/06/10 12:0 a.m., 9 views

Microsoft Windows Shell Remote Code Execution Vulnerability (CNVD-2021-27712)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Shell is a user-interactive interface based on the Windows platform that...

CVSS 9.3, AI score 8.8, EPSS 0.35266
Exploits 0, References 1

OSV
added 2020/06/09 8:15 p.m., 2 views

CVE-2020-1286

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'...

CVSS 8.8, AI score 8, EPSS 0.35266
Exploits 0, References 1

0daydb
added 2020/05/25 2:7 p.m., 171 views

Druva inSync Windows Client 6.6.3 CVE-2020-5752 - Local Privilege Escalation

Druva inSync Windows Client version 6.6.3 suffers from a local privilege escalation vulnerability. Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage:...

CVSS 7.2, AI score 0.6, EPSS 0.04449
Exploits 12

0day.today
added 2020/05/22 12:0 a.m., 160 views

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit

Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....

CVSS 7.8, AI score 0.4, EPSS 0.04449
Exploits 12

OSV
added 2020/05/21 11:15 p.m., 1 views

CVE-2020-1081

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

CVSS 7.8, AI score 7.1, EPSS 0.00338
Exploits 0, References 1

Veracode
added 2020/05/12 3:33 a.m., 15 views

Directory Traversal

jooby is vulnerable to directory traversal. Lack of path validation allows an attacker to inject ../ characters and access files outside of the web root directory...

CVSS 5.3, AI score 5.3, EPSS 0.00264
Exploits 0, References 2, Affected Software 1

Check Point Advisories
added 2020/05/01 12:0 a.m., 7 views

dotCMS CMSFilter Authentication Bypass (CVE-2020-6754)

An access control weakness exists in the dotCMS content management system. The vulnerability is due to insufficient path validation in the CMSFilter class...

CVSS 7.5, AI score 3, EPSS 0.73493
Exploits 1

BDU FSTEC
added 2020/04/30 12:0 a.m., 2 views

The vulnerability of the Vijeo Designer Basic and Vijeo Designer software lies in errors during the validation of the paths for loading dynamic libraries. This allows a hacker to execute arbitrary code.

The vulnerability of the Vijeo Designer Basic and Vijeo Designer software lies in errors during the validation of the paths for loading dynamic libraries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 6.7, AI score 7.5, EPSS 0.00135
Exploits 0, References 3

BDU FSTEC
added 2020/04/29 12:0 a.m., 2 views

The vulnerability of the “go get” command implementation in the Go programming language allows a perpetrator to execute arbitrary code.

The vulnerability of the “go get” command in the Go programming language is related to insufficient validation of input data (insufficient checking of the import path when using the “-u” flag). Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially create...

CVSS 9.3, AI score 7.4, EPSS 0.56804
Exploits 0, References 10, Affected Software 2