2055 matches found
Path traversal
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/selecttempletspost.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...
CVE-2023-5022 DedeCMS select_templets_post.php absolute path traversal
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/selecttempletspost.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...
CVE-2023-5022
The CVE-2023-5022 entry describes a path-traversal flaw in DedeCMS up to 5.7.100, exploitable via the activepath parameter in the file /include/dialog/select_templets_post.php. The root cause is an absolute path traversal in the activepath handling, leading to potential unauthorized file access. ...
CVE-2023-5022 DedeCMS select_templets_post.php absolute path traversal
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/selecttempletspost.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...
Oracle Linux 5 : gcc (ELSA-2011-0025)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0025 advisory. - fix up fastjar directory traversal bugs CVE-2010-0831 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2023-2453
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘requireonce’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known...
CVE-2023-40597
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...
CVE-2023-40597
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...
Path traversal
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...
CVE-2023-40597
CVE-2023-40597 affects Splunk Enterprise if running versions before 8.2.12, 9.0.6, or 9.1.1. The vulnerability is an absolute path traversal in the runshellscript.py component that enables an attacker to execute arbitrary code located on a separate disk. Exploitation results in a high impact acro...
CVE-2023-40597 Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk...
SUSE CVE-2023-40590
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...
Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0806)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0806 advisory. - In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to...
GHSA-WFM5-V35H-VWF4 GitPython untrusted search path on Windows systems leading to arbitrary code execution
Summary When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment see big warning in https://docs.python.org/3/library/subprocess.htmlpopen-constructor. GitPython defaults to use the git command, if a user runs GitPython from a repo has a...
PYSEC-2023-161
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...
PYSEC-2023-161
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo has a git.exe or git...
PT-2023-4751 · Gitpython +1 · Gitpython +1
Name of the Vulnerable Software and Affected Versions: GitPython affected versions not specified Description: The issue is related to how Python interacts with Windows systems, specifically when resolving a program. GitPython defaults to use the git command, and if a user runs it from a repositor...
Obsidian 路径遍历漏洞
Obsidian is a knowledge base for local Markdown files from the Obsidian community. A security vulnerability exists in Obsidian version 1.2.8, which stems from incorrect path handling and will allow penetration of a remote web server via app://local/...
CVE-2023-40338
A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller fi...
GHSA-36HQ-V2FC-RPQP Jenkins Folders Plugin information disclosure vulnerability
Jenkins Folders Plugin displays an error message when attempting to access the Scan Organization Folder Log if no logs are available. In Folders Plugin 6.846.v23698686f0f6 and earlier, this error message includes the absolute path of a log file, exposing information about the Jenkins controller...