2042 matches found
Path traversal
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...
CVE-2020-10875
The CVE-2020-10875 entry applies to Motorola FX9500 devices (Zebra FX9500 rebrand). A remote attacker can perform an absolute path traversal, demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. The Red Hat and CNVD entries corroborate the vulnerability description; Tenable p...
CVE-2020-10875
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp...
EulerOS Virtualization for ARM 64 3.0.2.0 : libarchive (EulerOS-SA-2020-1226)
According to the versions of the libarchive package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names i...
SmartClient Absolute Path Information Disclosure Vulnerability
SmartClient is an enterprise Ajax framework that includes a very good UI library, a tool library, client-server data binding and other features. An absolute path information disclosure vulnerability exists in SmartClient 12.0. An unauthenticated attacker can exploit this vulnerability by sending a...
CVE-2020-9351
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides the...
Authentication flaw
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides the...
CVE-2020-9351
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides the...
CVE-2020-9351
Summary of vulnerability (CVE-2020-9351) : In SmartClient 12.0, an unauthenticated attacker can send a POST to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML in the _transaction parameter, causing the server to return a verbose error that reveals the absolute path...
SmartClient 120 Information Disclosure / XML Injection / LFI / Code Execution
Hello, We are informing you about some vulnerabilities we found in SmartClientv120. 1. Description During an analysis on the Isomorphic Smartclient v12 LGPL version, we found multiple security flaws that are here described. The application we tested SmartClientv120p2019-06-13LGPL can be downloade...
CVE-2014-5236
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file...
Path traversal
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file...
Slack: Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation
Overview The Nebula clients for Darwin and Windows call relative paths in "exec.Command" to "ifconfig" and "route" executables on Darwin, and to "netsh" on Windows. These commands are entered using relative paths, not absolute paths such as /sbin/ifconfig. When a binary is run with a relative pat...
Path traversal
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2014-1922
Koha’s pdfViewer.pl contains an absolute path traversal vulnerability affecting Koha releases up to 3.8.22, 3.10.x up to 3.10.12, 3.12.x up to 3.12.9, and 3.14.x up to 3.14.2. The flaw allows remote attackers to read arbitrary files via unspecified vectors. Attack is network-based with no authent...
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2019-2379)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2604)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a fu...
yum security, bug fix, and enhancement update
createrepo_c 0.11.0-3 - Backport patch to switch off timestamps on documentation in order to remove file conflicts RhBug:1738788 0.11.0-2 - Consistently produce valid URLs by prepending protocol. RhBug:1632121 - modifyrepo_c: Prevent doubling of compression test.gz.gz RhBug:1639287 - Correct pkg...
EulerOS 2.0 SP5 : libarchive (EulerOS-SA-2019-2202)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service...
Ansible: path traversal in the fetch module
A path traversal flaw was found in ansible. The fetch module allows copying and overwriting files outside of the specified destination in the local ansible controller host by not restricting an absolute path. The main threat from this vulnerability is to data confidentiality and integrity...