2055 matches found
CVE-2023-3765
MLflow (mlflow/mlflow) prior to version 2.5.0 contains an Absolute Path Traversal vulnerability. The issue arises in an MLflow repository and can lead to unauthorized access to sensitive information stored on the server. According to the connected sources, the affected component is mlflow/mlflow’...
CVE-2023-34968
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the...
CVE-2023-33871 Iagona ScrutisWeb Absolute Path Traversal
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot...
Ubuntu 16.04 ESM : runC vulnerabilities (USN-6088-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6088-2 advisory. USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly...
CVE-2023-2765
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...
Path traversal
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...
CVE-2023-2765
Summary: CVE-2023-2765 affects Weaver OA up to v9.5. The vulnerability is in /E-mobile/App/System/File/downfile.php where manipulating the url parameter causes absolute path traversal, exploitable remotely. Public exploitation has been disclosed; no official patch/version fix details are provided...
CVE-2023-2765 Weaver OA downfile.php absolute path traversal
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...
PT-2023-21283 · Weaver Oa · Weaver Oa
Name of the Vulnerable Software and Affected Versions: Weaver OA versions up to 9.5 Description: A problematic issue has been found in the file /E-mobile/App/System/File/downfile.php, where the manipulation of the url argument leads to absolute path traversal. This can be initiated remotely. The...
Weaver E-Office Security Vulnerability
Weaver E-Office is a collaborative office system from China's PanWei Technologies Weaver. A security vulnerability exists in Weaver E-Office version 9.5 and earlier versions, which is caused by an incorrect operation of the parameter url that results in absolute path traversal...
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal) Exploit
Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...
EasyPHP Webserver 14.1 Path Traversal / Remote Code Execution
Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...
CVE-2023-2101
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be...
Path traversal
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be...
CVE-2023-2101 moxi624 Mogu Blog v2 uploadPicsByUrl uploadPictureByUrl absolute path traversal
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be...
CVE-2023-2101
The CVE-2023-2101 entry concerns moxi624 Mogu Blog v2 up to 5.2, where the function uploadPictureByUrl (file /mogu-picture/file/uploadPicsByUrl) is vulnerable. The issue arises from manipulating the urlList argument, causing absolute path traversal. This may be exploited remotely, and public disc...
PT-2023-17800 · Unknown · Moxi624 Mogu Blog
Name of the Vulnerable Software and Affected Versions: moxi624 Mogu Blog v2 up to 5.2 Description: A problematic issue has been found in the software, affecting the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolu...
CVE-2023-1176
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2...