49 matches found
CVE-2025-27092
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...
CVE-2025-27092
CVE-2025-27092 affects the GHOSTS framework. A path traversal flaw exists in the photo retrieval endpoint at /api/npcs/{id}/photo, where crafted photoLink values can cause directory traversal and expose files outside the intended photo directory. Affected versions are 8.0.0.0 up to 8.2.7.89. The ...
PT-2025-7627 · Ghosts · Ghosts
Name of the Vulnerable Software and Affected Versions: GHOSTS versions 8.0.0.0 through 8.2.7.89 Description: A path traversal vulnerability was discovered in GHOSTS that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint. The vulnerability...
GHOSTS Path Traversal Vulnerability
GHOSTS is an open source realistic user simulation framework for network experiments, simulations, training and exercises from the Software Engineering Institute. A path traversal vulnerability exists in GHOSTS versions from 8.0.0.0 up to, but not including, 8.2.7.90, which stems from the presence of a path...
CVE-2023-38264
CVE-2023-38264 affects IBM SDK, Java Technology Edition ORB (7.1.0.0–7.1.5.21 and 8.0.0.0–8.0.8.21) due to improper enforcement of JEP 290 MaxRef and MaxDepth deserialization filters, enabling potential denial-of-service through unsafe deserialization. The Connected IBM advisories confirm multipl...
PT-2024-19344 · Ibm +1 · Ibm Urbancode Deploy +1
Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.0 through 7.0.5.19 IBM UrbanCode Deploy versions 7.1 through 7.1.2.15 IBM UrbanCode Deploy versions 7.2 through 7.2.3.8 IBM UrbanCode Deploy versions 7.3 through 7.3.2.3 IBM UrbanCode Deploy UCD - IBM DevOps...
Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to a Denial of Service vulnerability (CVE-2023-47161)
Summary IBM UrbanCode Deploy UCD may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. Vulnerability Details CVEID:CVE-2023-47161 DESCRIPTION: IBM UrbanCode Deploy UCD may mishandle input validation of an uploaded archive file leadin...
Security Bulletin: Due to use of Netty, IBM® MobileFirst Platform is vulnerable to a denial of service.
Summary Netty is used by IBM® MobileFirst Platform. CVE-2023-34462 Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a...
CVE-2022-2249
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0...
Avaya Aura Communication Manager Security Vulnerability
Avaya Aura Communication Manager is a comprehensive software foundation for real-time voice and video interactions from Avaya USA. A security vulnerability exists in Avaya Aura Communication Manager versions 8.0.0.0 through 8.1.3.3, prior to 10.1.0.1, which originated from a vulnerability that...
CVE-2022-2975
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0...
Security Bulletin: OpenSSL (Publicly disclosed vulnerability)
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squari...
CVE-2021-25653
A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities AVPU that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU...
CVE-2021-25652
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities AVPU. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
CVE-2021-25653 Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability
A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities AVPU that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU...
CVE-2021-25652 Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities AVPU. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
Avaya Aura Appliance Virtualization Platform Utilities (AVPU) Security Vulnerability
Avaya Aura AVPU is an application virtualization platform utility from Avaya, USA. It provides features for the AVP platform, such as AVP alert and log collection, dual-stack support, service access, and out-of-band management. A security vulnerability exists in Avaya Aura Appliance Virtualizatio...
IBM HTTP Server 6.1.0.0 <= 6.1.0.47 / 7.0.0.0 < 7.0.0.39 / 8.0.0.0 < 8.0.0.12 / 8.5.0.0 < 8.5.5.7 HTTP Request Smuggling (533835)
The version of IBM HTTP Server running on the remote host is affected by an HTTP request smuggling vulnerability related to Apache HTTP Server. The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers t...