21139 matches found

RedhatCVE
added 2025/05/21 7:55 p.m. | 6 views

CVE-2008-3685

Directory traversal vulnerability in awstmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to T...

CVSS: 10 | AI score: 7.8 | EPSS: 0.12871
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 7:49 p.m. | 8 views

CVE-2009-3693

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method...

CVSS: 9.3 | AI score: 7 | EPSS: 0.4158
Exploits: 9 | References: 1

RedhatCVE
added 2025/05/21 7:30 p.m. | 6 views

CVE-2005-0574

Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01549
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 7:14 p.m. | 7 views

CVE-2000-1229

Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01561
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 7:2 p.m. | 6 views

CVE-2006-2105

Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 null character in the n parameter...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01275
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 6:21 p.m. | 6 views

CVE-1999-1590

Directory traversal vulnerability in Muhammad A. Muquit wwwcount Count.cgi 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.2667
Exploits: 2 | References: 1

IBM Security Bulletins
added 2025/05/21 5:9 a.m. | 17 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat (CVE-2025-31650 & CVE-2025-31651)

Summary IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-31650 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HT...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.66933
Exploits: 6 | Affected Software: 1

Snyk
added 2025/05/20 8:44 p.m. | 2 views

Improper Neutralization of Escape, Meta, or Control Sequences

Overview Affected versions of this package are vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences via the Hubble CLI terminal output processing. An attacker can manipulate the output to conceal log entries, rewrite output, or make the terminal temporarily unusable by...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00246
Exploits: 0 | References: 2

F5 Networks
added 2025/05/19 2:42 a.m. | 26 views

K000151397: Apache Tomcat vulnerabilities CVE-2025-31650, CVE-2025-31651

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.66933
Exploits: 6

OpenVAS
added 2025/05/19 12:0 a.m. | 6 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1496)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00806
Exploits: 0 | References: 2

OpenVAS
added 2025/05/19 12:0 a.m. | 14 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1559)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.01729
Exploits: 0 | References: 2

OpenVAS
added 2025/05/19 12:0 a.m. | 11 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1575)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.01729
Exploits: 0 | References: 2

OpenVAS
added 2025/05/19 12:0 a.m. | 8 views

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1468)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00806
Exploits: 0 | References: 2

Packet Storm News
added 2025/05/19 12:0 a.m. | 5 views

BeamClean: Language Aware Embedding Reconstruction

In this work, we consider an inversion attack on the obfuscated input embeddings sent to a language model on a server, where the adversary has no access to the language model or the obfuscation mechanism and sees only the obfuscated embeddings along with the model's embedding table. We propose...

AI score: 7
Exploits: 0

F5 Networks
added 2025/05/19 12:0 a.m. | 28 views

K000151412: Apache Tomcat vulnerability CVE-2025-31650

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.66933
Exploits: 6 | Affected Software: 36

F5 Networks
added 2025/05/19 12:0 a.m. | 20 views

K000151411: Apache Tomcat vulnerability CVE-2025-31651

Security Advisory Description CVE-2025-31650 Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger a...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.66933
Exploits: 6 | Affected Software: 36

ArchLinux
added 2025/05/19 12:0 a.m. | 25 views

[ASA-202505-10] python-django: denial of service

Arch Linux Security Advisory ASA-202505-10 ========================================== Severity: Medium Date : 2025-05-19 CVE-ID : CVE-2025-32873 Package : python-django Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2876 Summary ======= The package python-django...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.13969
Exploits: 0 | References: 3

Tenable Nessus
added 2025/05/17 12:0 a.m. | 5 views

EulerOS Virtualization 2.12.0 : unbound (EulerOS-SA-2025-1575)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that i...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01729
Exploits: 0 | References: 4

Tenable Nessus
added 2025/05/17 12:0 a.m. | 10 views

EulerOS Virtualization 2.12.1 : unbound (EulerOS-SA-2025-1559)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that i...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01729
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/05/16 7:26 p.m. | 30 views

Security Bulletin: Vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform. Vulnerabilities include an attacker or a remote attacker could use or exploit these vulnerabilities to steal the victim's...

CVSS: 9.8 | AI score: 10 | EPSS: 0.99019
Exploits: 16 | Affected Software: 1