350 matches found
CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system including project dependencies. An attacker could exploit this vulnerability to gather details abou...
Information Exposure
Overview: sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Affected versions of this package are vulnerable to Information Exposure when used on the backend and with the style attribute...
Nextcloud: Possible to enumerate valid files in password protected shares/files drop shares as well as spam folder with files
The summary is as follows: It was possible to enumerate valid files in password protected shares and file drop shares. Additionally, it was possible to spam the folder with empty files using an attacker-controlled file name. The vulnerability existed in the DocumentAPIControllercreate method, whi...
PT-2024-12817 · Softwarex · Software Fx Chart Fx 7
Name of the Vulnerable Software and Affected Versions: Software FX Chart FX 7 version 7.0.4962.20829 Description: The issue allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. Recommendations: For Software FX Chart FX 7 version 7.0.4962.20829,...
CVE-2023-6352
The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate...
CVE-2023-6032
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS...
Progress WS_FTP Server < 8.8.2 Multiple Vulnerabilities
The remote host is running a version of WS_FTP Server earlier than 8.8.2. Such versions are reportedly affected by multiple vulnerabilities: - A stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import an SSL...
CVE-2023-40049
In WSFTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing...
Design/Logic Flaw
In WSFTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing...
CVE-2023-40049
Summary of CVE-2023-40049: In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files in the WebServiceHost directory listing, exposing potential sensitive filenames. Multiple connected sources confirm this as a directory listing information-disclosure issue within W...
Progress Software WS_FTP Server Security Vulnerability
Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server versions prior to 8.8.2. An attacker can use this vulnerability to enumerate files in the "WebServiceHost" directory listi...
PT-2023-27235 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8.2 Description: An unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. Recommendations: For WS FTP Server versions prior to 8.8.2, update to version 8.8.2 or later to...
Reflected xss in installation space parameter
Description: Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when an attacker injects malicious code, usually in the form of scripts, into a web application. This code is then executed by unsuspecting users who visit the affected web page. In this case the path of...
WordPress plugin User Meta – User Profile Builder and User management Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-23838
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server...
Directory traversal
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server...
CVE-2023-23838 Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server...
PT-2023-19245 · Solarwinds · Database Performance Analyzer
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A directory traversal and file enumeration issue allows users to enumerate different folders of the server. Recommendations: At the moment, there is no information about a newer version...
CVE-2023-23838
CVE-2023-23838 affects SolarWinds Database Performance Analyzer (DPA) up to version 2022.3 and earlier, described as a directory traversal and file enumeration vulnerability that could allow access to different folders on the server. Various sources corroborate the vulnerability in DPA (2023.1/ea...