KubeVirt Vulnerable to Arbitrary Host File Read and Write

Summary The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, the implementation of this feature and more specifically the DiskOrCreate option which creates a file if it doesn't exist, has a logic bug that allows an attacker t...

AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access

The plugin does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory...

LogiSphere 0.9.9 j - viewsource.jsp?source Traversal Arbitrary File Access

LogiSphere 0.9.9 j - viewsource.jsp?source Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15807/info LogiSphere is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...