EUVD-2020-28647

Malware in sbrugna...

CVE-2020-7522

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...

CVE-2020-7522

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...

CVE-2020-7522

CVE-2020-7522 is a path traversal vulnerability in Schneider Electric APC Easy UPS On‑Line Software (SFAPV9601) before v2.1, affecting the SoundUploadServlet. The issue allows uploading executable files to non‑specified directories, potentially enabling remote code execution. Public references (Z...

Schneider Electric APC Easy UPS On-Line SoundUploadServlet Path Traversal Vulnerability

The Schneider Electric APC Easy UPS On-Line is a UPS solution. A path traversal vulnerability exists in the Schneider Electric APC Easy UPS On-Line SoundUploadServlet, which can be exploited by a remote attacker to submit a special request to upload any file to any directory...

Schneider Electric APC Easy UPS Online SoundUploadServlet processRequest Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SoundUploadServlet class. When parsing the filename parameter...