Headline
CVE-2020-15645
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553.