21227 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal when routing requests to a backend using a PathPrefix, Path, or PathRegex matcher. An attacker can bypass the middleware chain to access backend services by including traversal sequences like /../ in a request. Detai...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal when routing requests to a backend using a PathPrefix, Path, or PathRegex matcher. An attacker can bypass the middleware chain to access backend services by including traversal sequences like /../ in a request. Detai...
Scalable APT Malware Classification Via Parallel Feature Extraction and GPU-Accelerated Learning
This paper presents an underlying framework for both automating and accelerating malware classification, more specifically, mapping malicious executables to known Advanced Persistent Threat APT groups. The main feature of this analysis is the assembly-level instructions present in executables whi...
📄 WordPress 123pan Cloud Storage 1.0 File Deletion / Shell Upload / Injection
WordPress 123pan Cloud Storage plugin version 1.0 suffers from token handling, remote shell upload, file deletion, and HTTP header injection vulnerabilities. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title WordPress 123pan Cloud Storage Plugin - Multiple...
Slackware: Security Advisory (SSA:2025-109-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Path Traversal in Gnu Mailman
CVE-2025-43919: Directory Traversal in GNU Mailman 2.1.39 cPa...
[slackware-security] zsh
New zsh packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/zsh-5.9-i586-1slack15.0.txz: Upgraded. This release fixes a security issue in zsh-5.8: Some prompt expansion sequences, such as %F, support 'argument...
curl: Path Traversal Vulnerability in curl via Unsanitized IPFS_PATH Environment Variable
A path traversal vulnerability exists in curl versions with IPFS support 7.81.0+. The IPFSPATH environment variable is not properly sanitized, allowing attackers to read arbitrary files by manipulating directory traversal sequences e.g., ../../../../etc. This flaw enables leakage of sensitive dat...
Detecting Zero-Day Web Attacks with an Ensemble of LSTM, GRU, and Stacked Autoencoders
The rapid growth in web-based services has significantly increased security risks related to user information, as web-based attacks become increasingly sophisticated and prevalent. Traditional security methods frequently struggle to detect previously unknown zero-day web attacks, putting sensitiv...
Exploit for Path Traversal in Ollama
Ollama CVE-2024-45436 Exploit A clean and efficient exploit i...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value...
OpCode-Based Malware Classification Using Machine Learning and Deep Learning Techniques
This technical report presents a comprehensive analysis of malware classification using OpCode sequences. Two distinct approaches are evaluated: traditional machine learning using n-gram analysis with Support Vector Machine SVM, K-Nearest Neighbors KNN, and Decision Tree classifiers; and a deep...
Amazon Linux 2 : pcs (ALAS-2025-2822)
The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2822 advisory. Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type...
CVE-2025-24908
Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...
CVE-2025-24907
Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...
CVE-2025-24907 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal
Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...
CVE-2025-24907
CVE-2025-24907 concerns Hitachi Vantara Pentaho Data Integration & Analytics. Affected versions are before 10.2.0.2, including 9.3.x and 8.3.x. The issue arises because user input used as a file path through the CGG Draw API is not properly neutralized, allowing doubled triple-dot sequences ('......
CVE-2025-24907 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal
Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...
CVE-2025-24908
The CVE affects Hitachi Vantara Pentaho Data Integration & Analytics, prior to version 10.2.0.2 (including 9.3.x and 8.3.x). The root cause is that the UploadFile input used to build file paths is not properly sanitized against sequences like '.../...//', allowing a path traversal outside the res...
CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal
Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi...