Logo
Retour à la veille

CVE-2026-9775

Publié : 24 juin 2026
Modifié : 24 juin 2026
Lien officiel NVD
Score CVSS
5.5
MEDIUM

Description détaillée

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files or create a denial-of-service condition on the system. Was ZDI-CAN-28503.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Références et Patchs

https://www.aten.com/global/en/supportcenter/info/security-advisory/28/https://www.zerodayinitiative.com/advisories/ZDI-26-379/

Dernières Vulnérabilités

CVE-2026-9155

OS Command Injection vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the expression parameter due to insufficient input validation.

VOIR DÉTAILS

CVE-2026-9154

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter.

VOIR DÉTAILS

CVE-2026-9153

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

VOIR DÉTAILS