Lucene search
K

56 matches found

OSV
OSV
added 2022/04/09 8:15 p.m.5 views

CVE-2022-1287

A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=saveuser. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not requir...

9.8CVSS6.9AI score0.00707EPSS
Exploits0References1
OSV
OSV
added 2021/10/18 1:15 p.m.3 views

CVE-2021-22961

A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution...

9.8CVSS7.8AI score0.01671EPSS
Exploits0References1
NVD
NVD
added 2021/10/18 1:15 p.m.11 views

CVE-2021-22961

A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution...

9.8CVSS0.01671EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.4 views

GlassWire 代码注入漏洞

GlassWire is a firewall software. A code injection vulnerability exists in GlassWire version 2.1.167, which arises from arbitrary code execution from a file in a user's path when the program is first executed...

9.8CVSS9.1AI score0.01671EPSS
Exploits0References2
OSV
OSV
added 2021/07/08 4:15 p.m.2 views

CVE-2020-20586

A cross site request forgery CSRF vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password...

4.5CVSS5.3AI score0.00512EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2021/04/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-2380

SAP Customer Relationship Management CRM contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users...

6.6CVSS7AI score0.28892EPSS
Exploits5References1
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.6 views

NETGEAR ProSAFE Network Management System 代码问题漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A code issue vulnerability exists in the NETGEAR ProSAFE Network Management System, which arises from a failure to properly validate a...

10CVSS8.5AI score0.08167EPSS
Exploits0References4
Hacker One
Hacker One
added 2020/10/14 1:17 p.m.11 views

Acronis: DLL Hijacking when sending feedback and crash report leading to Privilege Escalation

Vulnerability description not provided...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2020/10/10 6:24 p.m.10 views

Acronis: DLL Hijacking when performing operations in Acronis Secure Zone partition leading to Privilege Escalation

Vulnerability description not provided...

7.1AI score
Exploits0
OSV
OSV
added 2020/06/30 5:15 p.m.4 views

CVE-2020-13095

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root...

8.8CVSS7.4AI score0.01891EPSS
Exploits0References1
OSV
OSV
added 2020/06/15 6:15 p.m.11 views

CVE-2020-14149

In uftpd before 2.12, handleCWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command...

7.5CVSS6.9AI score0.02316EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2020/04/29 12:0 a.m.8 views

Linux: Strictly define variable user PATH variable

The requirement aims to prevent system commands from being replaced by malicious commands, ensuring that system commands can be executed securely. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.5AI score
Exploits0
OSV
OSV
added 2018/01/21 10:29 p.m.4 views

CVE-2018-5955

An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI...

9.8CVSS5.8AI score0.80982EPSS
Exploits9References2
RedHat Linux
RedHat Linux
added 2011/07/25 9:40 p.m.5 views

systemtap: insufficient security check when loading uprobes kernel module

runtime/staprun/staprunfuncs.c in the systemtap runtime tool staprun in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search pat...

4.4CVSS5.8AI score0.0052EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2009/11/25 3:53 p.m.11 views

PDFs on IE8 Can Disclose User Path Info

Using Internet Explorer and a virtual PDF generator to print a PDF file from a HTML page causes the document’s entire storage path, for example file://C:UsersdabDownloadsdocument.pdf, to be stored in the document itself. Read the full article. The H Security...

Exploits0References2
CVE
CVE
added 2000/06/02 4:0 a.m.66 views

CVE-2000-0231

The CVE-2000-0231 entry describes a vulnerability in Linux kreatecd where a user-supplied path is trusted to locate the cdrecord program. This allows local users to gain root privileges due to the underlying trust in an attacker-controlled path. Affected component: kreatecd (Linux). Root cause: t...

7.2CVSS6.9AI score0.00773EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder