21265 matches found
CVE-2025-2245
A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...
CVE-2025-2245
A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...
CVE-2025-2245
CVE-2025-2245 describes an SSRF in Bitdefender GravityZone Update Server when in Relay Mode. The HTTP proxy on port 7074 uses a domain allowlist but fails to sanitize hostnames containing null-byte sequences (e.g., evil.com%00.bitdefender.com), allowing an attacker to bypass the allowlist and for...
CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)
A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...
CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)
A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...
Relative Path Traversal
Apache Commons VFS is vulnerable to Relative Path Traversal. The vulnerability is due to improper validation in the resolveFile method, which allows encoded ".." sequences to bypass descendant path restrictions and access unintended files...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2025:1126-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1126-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update t...
PT-2025-14875 · Bitdefender · Bitdefender Gravityzone Update Server
Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Update Server affected versions not specified Description: A server-side request forgery SSRF issue exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 707...
Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (January 2025)
Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a...
Security update for tomcat
This update for tomcat fixes the following issues: CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Update to Tomcat 9.0.102 Fixes: launch with java 17 bsc1239676 Catalina Fix: Weak etags in the If-Range header should not match as strong eta...
SUSE-SU-2025:1126-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update to Tomcat 9.0.102 Fixes: + launch with java 17 bsc1239676 Catalina + Fix: Weak etags in the If-Range header should not match as...
Web 3.0 Requires Data Integrity
If you've ever taken a computer security class, you've probably learned about the three legs of computer security--confidentiality, integrity, and availability--known as the CIA triad. When we talk about a system being secure, that's what we're referring to. All are important, but to different...
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
Exploit Title : ABB Cylon Aspect 3.08.01 - Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management a...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the squelette parameter. An attacker can read arbitrary files on the server by submitting specially crafted path traversal sequences. PoC...
GHSA-W34W-FVP3-68XM Yeswiki Path Traversal vulnerability allows arbitrary read of files
Summary The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../etc/passwd was submitted in the squelette parameter. The requested file was returned in the application's response. Details File path...
Yeswiki Path Traversal vulnerability allows arbitrary read of files
Summary The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../etc/passwd was submitted in the squelette parameter. The requested file was returned in the application's response. Details File path...
rack: rubygem-rack: Local File Inclusion in Rack::Static
A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...
rack: rubygem-rack: Local File Inclusion in Rack::Static
A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...
rack: rubygem-rack: Local File Inclusion in Rack::Static
A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...
Exploit for CVE-2025-0401
CVE-2025-0401 - Local Privilege Escalation via SUID Binary Abu...