Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when runn. (dot dot) in the embedded layer data in an image. ĭirectory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."ĭirectory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a. This might give the attacker the ability to view restricted files, which could provide the attacker with more information r. Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. This backup file can be tricked to inject special elements such as '.' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. HP NNMI 9.2 PERL FOLDER BACKUP ZIPSAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. (dot dot) in the filename, which is not proper. HP NNMI 9.2 PERL FOLDER BACKUP ARCHIVE(dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.ĭirectory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a. Statics/ueditor/php/vendor/ in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.ĭirectory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a. The user-controlled file name is not properly sanitized before it is used to create a file system path. This affects the package from 0 and before 1.2.4. /./bin/sh as the parameter.ĭirectory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.ĭirectory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with. The problem occurs via a symlink-exchange attack that relies on a race condition.Ī path traversal flaw was found in Buildah in versions before 1.14.5. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. Runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "./" separators to reference binaries elsewhere on the system. Built-in upload handlers were not affected by this vulnerability.Īn improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Additionally, if (and only if) the default admindocs templates have been cu. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. ĭjango before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via. When using "-userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify. In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the -userns-remap option in which access to remapped root allows privilege escalation to real root.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |