
2098 matches found

Prion
added 2020/03/30 10:15 p.m. | 15 views

Input validation

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...

10 CVSS | 9.6 AI score | 0.00453 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2020/03/30 9:31 p.m. | 68 views

CVE-2019-19606

X-Plane prior to 11.41 contains an OS command injection due to multiple improper path validations. A crafted network packet could cause reading/writing files to arbitrary paths and potentially leak credentials, enabling execution of arbitrary commands. Affected: X-Plane 11.x

10 CVSS | 9.6 AI score | 0.00453 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2020/03/30 9:31 p.m. | 19 views

CVE-2019-19606

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...

9.8 AI score | 0.00453 EPSS
Exploits 1 | References 1
Exploit DB
added 2020/03/27 12:0 a.m. | 209 views

Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal

Exploit Title: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Date: 2020-03-26 Exploit Author: hongphukt Vendor Homepage: https://www.jinfonet.com/ Software Link: https://www.jinfonet.com/product/download-jreport/ Version: JReport 15.6 Tested on: Linux, Windows Jreport Help function...

7.4 AI score
Exploits 0
OSV
added 2020/03/23 9:15 p.m. | 1 view

DEBIAN-CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process doe...

6.3 CVSS | 5.8 AI score | 0.03897 EPSS
Exploits 4 | References 1
Github Security Blog
added 2020/03/05 10:8 p.m. | 181 views

Phar object injection in PHPMailer

PHPMailer versions prior to 6.0.6 and 5.2.27 are vulnerable to an object injection attack by passing phar:// paths into addAttachment and other functions that may receive unfiltered local paths, possibly leading to RCE. See this article for more info on this type of vulnerability. Mitigated by...

8.8 CVSS | 0.3 AI score | 0.01475 EPSS
Exploits 0 | References 12 | Affected Software 1
CNVD
added 2020/02/28 12:0 a.m. | 3 views

Selesta Visual Access Manager Buffer Overflow Vulnerability

Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A security vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29, which results from the program failing to check for parameters, destination paths, or extensions used to specify the name of t...

8.8 CVSS | 6.9 AI score | 0.00739 EPSS
Exploits 1 | References 1
Check Point Advisories
added 2020/02/23 12:0 a.m. | 5 views

Atlassian Confluence Server Information Disclosure (CVE-2019-3394)

A local file inclusion vulnerability exists in Atlassian Confluence Server. This vulnerability is due to improper validation of file path. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to...

4 CVSS | 7.6 AI score | 0.75773 EPSS
Exploits 1
Debian
added 2020/02/17 8:39 p.m. | 93 views

[SECURITY] [DSA 4626-1] php7.3 security update

Debian Security Advisory DSA-4626-1 | https://www.debian.org/security/ | Moritz Muehlenhoff | February 17, 2020 | https://www.debian.org/security/faq ...

9.8 CVSS | 8.7 AI score | 0.41483 EPSS
Exploits 5
BDU FSTEC
added 2020/02/17 12:0 a.m. | 1 view

The vulnerability of NVIDIA GeForce, Quadro, and Tesla graphics software lies in errors during the path validation of dynamically loaded libraries, allowing attackers to exploit this to increase their privileges.

The vulnerability of NVIDIA GeForce, Quadro, and Tesla graphics processors’ software is related to errors in checking the path where dynamically loaded libraries are loaded. Exploiting this vulnerability can allow attackers to increase their privileges...

7.2 CVSS | 6.9 AI score | 0.003 EPSS
Exploits 0 | References 4 | Affected Software 7
OpenVAS
added 2020/01/23 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for yum-utils (EulerOS-SA-2018-1319)

The remote host is missing an update for the Huawei EulerOS...

9.3 CVSS | 8.2 AI score | 0.02619 EPSS
Exploits 0 | References 2
RedHat Linux
added 2019/12/19 7:18 p.m. | 2 views

git: Remote code execution in recursive clones with nested submodules

A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in existing directories used to store another submodule's metadata. A remote attacker could abuse this flaw to trick a victim user into cloning a...

8.8 CVSS | 7.6 AI score | 0.01944 EPSS
Exploits 0 | References 5
NVD
added 2019/12/18 6:15 p.m. | 13 views

CVE-2019-7289

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...

5.5 CVSS | 4.6 AI score | 0.00121 EPSS
Exploits 0 | References 1
OSV
added 2019/12/18 6:15 p.m. | 2 views

CVE-2019-7289

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...

5.5 CVSS | 6.1 AI score | 0.00121 EPSS
Exploits 0 | References 1
Prion
added 2019/12/18 6:15 p.m. | 17 views

Design/Logic Flaw

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...

2.1 CVSS | 4.6 AI score | 0.00121 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2019/12/18 5:33 p.m. | 50 views

CVE-2019-7289

The CVE-2019-7289 issue affects Apple Shortcuts for iOS: a parsing flaw in how directory paths are handled could allow a local user to view sensitive information. The root cause is improper path validation. Remediation is available in Shortcuts 2.1.3 for iOS, which addresses the vulnerability by ...

5.5 CVSS | 6 AI score | 0.00121 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/12/18 5:33 p.m. | 17 views

CVE-2019-7289

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...

4.6 AI score | 0.00121 EPSS
Exploits 0 | References 1
CNVD
added 2019/12/17 12:0 a.m. | 1 view

D-Link DIR-615 Elevation of Privilege Vulnerability

The D-Link DIR-615 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR-615 suffers from an elevation of privilege vulnerability that stems from the program's failure to perform complete validation of file paths and error detection. An attacker can exploit the elevation of...

7.3 AI score
Exploits 0 | References 1
OSV
added 2019/12/10 10:15 p.m. | 2 views

CVE-2019-1477

An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'...

7.8 CVSS | 5.8 AI score | 0.00526 EPSS
Exploits 0 | References 1
CNVD
added 2019/11/01 12:0 a.m. | 1 view

Advantech WISE-PaaS/RMM Path Traversal Vulnerability

Advantech WISE-PaaS/RMM is an IoT device remote monitoring and management platform. A path traversal vulnerability exists in Advantech WISE-PaaS/RMM 3.3.29 and earlier versions. The vulnerability stems from failure to properly validate a user-supplied path before using it for file operations. An...

10 CVSS | 7.4 AI score | 0.00992 EPSS
Exploits 0 | References 1