Lucene search
+L

402 matches found

cnnvd
cnnvd
added 2022/06/02 12:0 a.m.3 views

Dragonfly 参数注入漏洞

Dragonfly is a framework that allows dynamic processing of any content type. A security vulnerability exists in Dragonfly version v1.3.0, which can be exploited by an attacker to read and write arbitrary files...

9.1CVSS8.3AI score0.0104EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2022/05/26 2:0 p.m.10 views

CVE-2022-20809 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

4.3CVSS6.7AI score0.00887EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/05/18 4:0 p.m.7 views

CVE-2022-20806

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

7.1CVSS7AI score0.00899EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/05/18 4:0 p.m.9 views

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

6.5CVSS6.6AI score0.00887EPSS
Exploits0References2
osv
osv
added 2022/05/09 8:15 a.m.4 views

DEBIAN-CVE-2022-30333

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a /.ssh/authorizedkeys file. NOTE: WinRAR and Android RAR are unaffected...

7.5CVSS8AI score0.98975EPSS
Exploits12References1
cnnvd
cnnvd
added 2022/05/09 12:0 a.m.8 views

UnRAR 路径遍历漏洞

UnRAR is a command that decompresses files with an rar suffix.RARLAB A directory traversal vulnerability exists in versions of UnRAR prior to 6.12. The vulnerability stems from a lack of validity checks on paths when processing directory requests, and can be exploited by attackers to write files...

7.5CVSS7.9AI score0.98975EPSS
Exploits12References13
osv
osv
added 2022/04/12 6:15 p.m.4 views

CVE-2022-23160

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files...

4.3CVSS5.8AI score0.00494EPSS
Exploits0References1
osv
osv
added 2022/04/06 7:15 p.m.4 views

CVE-2022-20754

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

7.2CVSS6.2AI score0.03177EPSS
Exploits0References1
osv
osv
added 2022/03/18 6:15 p.m.2 views

CVE-2020-15388

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files...

6.5CVSS5.9AI score0.00676EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/03/03 12:0 a.m.5 views

CVE-2022-20755

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

9CVSS7.6AI score0.03177EPSS
Exploits0References2
cve
cve
added 2022/02/18 12:55 p.m.101 views

CVE-2022-25299

CVE-2022-25299 affects the cesanta/mongoose package before 7.6. The root cause is unsafe handling of file names during upload via mg_http_upload(), which may allow attackers to write files to arbitrary locations outside the designated target folder. No remediation details are provided in the conn...

9.8CVSS7.7AI score0.01433EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2022/01/12 12:0 a.m.8 views

Jenkins Warnings Next Generation 路径遍历漏洞

Jenkins Warnings Next Generation is Jenkins an open source application plugin . The plugin is used to collect compiler warnings or static analysis tools to report problems and visualize the results . A security vulnerability exists in Jenkins Warnings Next Generation Plugin that allows an attacke...

8.1CVSS7.7AI score0.01886EPSS
Exploits0References6
cnnvd
cnnvd
added 2022/01/12 12:0 a.m.3 views

编号撤回

IBM Planning Analytics is an integrated planning solution that uses echarts data visualization, AI to automate planning, budgeting and forecasting, and drive smarter workflows. IBM Planning Analytics suffers from a path traversal vulnerability that allows all control requests to be submitted in a...

5.7AI score
Exploits0
cnnvd
cnnvd
added 2022/01/04 12:0 a.m.7 views

Apache James 路径遍历漏洞

Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java by the Apache Foundation. Apache James in version 3.6.1 contains a path traversal vulnerability that stems from a failure of a networked system or product to properly filter special...

9.1CVSS5.7AI score0.03706EPSS
Exploits0References4
osv
osv
added 2021/12/20 9:15 p.m.6 views

CVE-2021-35244

The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution...

7.2CVSS6.1AI score0.05769EPSS
Exploits0References4
redhat
redhat
added 2021/11/29 10:40 a.m.4 views

jenkins: Creating symbolic links is possible without the symlink permission

A vulnerability was found in Jenkins which failed to correctly validate permissions. This flaw allowed any user to create symbolic links regardless if they had the symlink permission. It may allow an attacker to read and write to arbitrary files on the Jenkins controller file system...

9.8CVSS5.8AI score0.02034EPSS
Exploits0References5
ncsc
ncsc
added 2021/11/09 12:0 a.m.5 views

Vulnerabilities fixed in Siemens SIMATIC WINCC

Siemens has fixed vulnerabilities in WinCC. A authenticated malicious person could exploit the vulnerabilities to execute a "Path Traversal" and thus appropriate elevated privileges, read and write arbitrary files and manipulate write and thereby manipulate data and/or gain access gain access to...

9.9CVSS7.1AI score0.01233EPSS
Exploits0
cisa_kev
cisa_kev
added 2021/11/03 12:0 a.m.23 views

Atlassian Confluence Server and Data Center Path Traversal Vulnerability

Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution...

9CVSS8.8AI score0.97153EPSS
In wildExploits10
osv
osv
added 2021/10/27 7:15 p.m.6 views

CVE-2021-34762

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to...

8.1CVSS5.9AI score0.01908EPSS
Exploits0References1
osv
osv
added 2021/10/22 12:15 p.m.6 views

CVE-2021-38477

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...

9.8CVSS7.3AI score0.01083EPSS
Exploits0References1
Rows per page
Query Builder