A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.
A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initializ
A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and ac
A remote attacker with high privileges may use a reading file function to inject OS commands.
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.
A remote attacker with high privileges may use a deleting file function to inject OS commands.
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system pat
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that caus
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP.
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unaut
A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in o
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authent
Page 1+ Next →