Lucene search
K

66 matches found

OSV
OSV
added 2021/01/12 9:15 a.m.5 views

UBUNTU-CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...

2.5CVSS6.8AI score0.01029EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2021/01/12 12:0 a.m.33 views

CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...

2.5CVSS6AI score0.01029EPSS
Exploits1
CVE
CVE
added 2021/01/12 12:0 a.m.383 views

CVE-2021-23239

The CVE-2021-23239 entry concerns the sudoedit personality in sudo up to version 1.9.4 (before 1.9.5). A race condition in sudoedit (sudo_edit.c) can allow a local, unprivileged user to determine directory existence by substituting a user-controlled directory with a symlink to an arbitrary path, ...

2.5CVSS5.5AI score0.01029EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/01/12 12:0 a.m.33 views

FreeBSD : sudo -- Potential information leak in sudoedit (6193b3f6-548c-11eb-ba01-206a8a720317)

Todd C. Miller reports : A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before...

2.5CVSS6.8AI score0.01029EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2021/01/12 12:0 a.m.52 views

CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...

2.5CVSS6AI score0.01029EPSS
Exploits1
CNNVD
CNNVD
added 2021/01/11 12:0 a.m.8 views

Sudo Backlink Vulnerability

Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A backlink vulnerability exists in versions of Sudo prior to 1.9.5 that allows an attacker to test for the existence of a directory anywhere on the file system...

2.5CVSS6.8AI score0.01029EPSS
Exploits1References20
Cvelist
Cvelist
added 2019/10/23 12:45 p.m.28 views

CVE-2019-10465

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file syste...

4.4AI score0.00788EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/05/17 4:30 p.m.6 views

tomcat: directory disclosure

It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that...

5.3CVSS6.7AI score0.1838EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/05/17 4:12 p.m.6 views

tomcat: directory disclosure

It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that...

5.3CVSS6.7AI score0.1838EPSS
Exploits0References5
Amazon
Amazon
added 2016/03/29 12:0 a.m.70 views

Medium: tomcat7

Issue Overview: ResourceLinkFactory.setGlobalContext is a public method and was discovered to be accessible by web applications running under a security manager without any checks. This allowed a malicious web application to inject a malicious global context that could in turn be used to disrupt...

8.8CVSS7.9AI score0.1838EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/03/17 12:0 a.m.6 views

The vulnerability of the Apache Tomcat application server allows a hacker to determine the existence of a directory.

The vulnerability of the Mapper component of the Apache Tomcat application server exists due to an incorrect path limitation for the access-controlled directory. Exploiting this vulnerability allows a malicious actor to determine the existence of the directory by failing to detect the slash “/”...

5CVSS6.7AI score0.1838EPSS
Exploits0References17Affected Software1
NVD
NVD
added 2016/02/25 1:59 a.m.32 views

CVE-2015-5345

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...

5.3CVSS6.7AI score0.1838EPSS
Exploits0References51
Prion
Prion
added 2016/02/25 1:59 a.m.24 views

Design/Logic Flaw

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...

5CVSS6.9AI score0.1838EPSS
Exploits0References51Affected Software3
Cvelist
Cvelist
added 2016/02/25 1:0 a.m.29 views

CVE-2015-5345

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...

6.8AI score0.1838EPSS
Exploits0References51
CVE
CVE
added 2016/02/25 1:0 a.m.215 views

CVE-2015-5345

CVE-2015-5345 affects the Tomcat Mapper component: redirects are processed before security constraints/Filters, enabling a remote attacker to determine the existence of a directory via a URL that lacks a trailing slash. Affected upstream versions are Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8...

5.3CVSS6.8AI score0.1838EPSS
Exploits0References51Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/02/24 12:0 a.m.527 views

Apache Tomcat 7.0.0 < 7.0.68 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.68. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.68security-7 advisory. - The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x...

8.8CVSS7.2AI score0.1838EPSS
Exploits0References16
OSV
OSV
added 2016/02/24 12:0 a.m.3 views

UBUNTU-CVE-2015-5345

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing /...

5.3CVSS6.8AI score0.1838EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Image Display System 0.8.1 Directory Existence Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4870/info IDS Image Display System is an web based photo album application written in Perl. IDS is freely available and is maintained by Ashley M. Kirchner. Users can confirm the existence and location of various...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/12/09 12:0 a.m.18 views

Fedora 18 : lynis-1.3.6-1.fc18 (2013-22758)

1.3.6 2013-12-03 New : - Support for the dntpd time daemon - New Apache test for modules HTTP-6632 - Apache test for modevasive HTTP-6640 - Apache test for modqos HTTP-6641 - Apache test for modspamhaus HTTP-6642 - Apache test for ModSecurity HTTP-6643 - Check for installed package audit tool...

5.6AI score
Exploits0References3
myhack58
myhack58
added 2011/08/12 12:0 a.m.20 views

DEDECMS get SHELL EXP-vulnerability warning-the black bar safety net

Network transmission is said to know the background to use, but don't, as long as the plus the directory exists, the server can even outside, you can get the shell www.t00ls.net5 G$ w& h" m! n9 S: G Before the title conditions, you must ready yourself for the dede database, and then insert the...

7.2AI score
Exploits0
Rows per page
Query Builder