VulnCheck KEV: CVE-2025-20282

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...

EUVD-2019-8364

Malware in sbrugna...

CVE-2025-20282

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...

CVE-2019-18645

The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories...

CVE-2024-34653

Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege...

PT-2024-26073 · M Files · My Files

Name of the Vulnerable Software and Affected Versions: My Files versions prior to SMR Sep-2024 Release 1 Description: The issue allows physical attackers to access directories with My Files' privilege due to a path traversal problem. Recommendations: For versions prior to SMR Sep-2024 Release 1,...

CVE-2021-31153

please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the searchpath function, the --check option, or the -d option...

CVE-2021-1492

The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...

CVE-2021-1492 Duo Authentication Proxy Installer Denial of Service Vulnerability

The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...

PT-2020-17248 · Microsoft · Windows Logon

Name of the Vulnerable Software and Affected Versions: Windows Logon versions prior to 4.1.2 Description: The issue allows an attacker with local user privileges to manipulate the installer into writing to arbitrary privileged directories by not properly validating file installation paths. This c...

CVE-2019-18645

The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories...

CVE-2019-18645

The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories...

CVE-2019-18645

CVE-2019-18645 affects Total Defense Anti-virus 11.5.2.28. The quarantine restoration function is susceptible to symbolic link attacks, allowing files to be written to privileged directories. The cited sources consistently describe a local impact enabling modification of privileged targets via th...

TFTP Server TFTPDWin 0.4.2 - Directory Traversal

source: https://www.securityfocus.com/bid/23937/info TFTP Server TFTPDWIN is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to gain read/write access to privileged directories and files. TFT...