Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. PoC 1 Make sure you have a public/ directory with files in it. 2 Make sure you have a public-isprivate directory with files in it. 3...

CVE-2023-3315

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

UBUNTU-CVE-2023-3316

A NULL pointer dereference in TIFFClose is caused by a failure to open an output file non-existent path or a path that requires permissions like /dev/null while specifying zones...

Jenkins Plugin Team Concert 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Arbitrary File Read

vite is vulnerable to Arbitrary File Read. The vulnerability exists due to improper file path sanitization, allowing an attacker to access files from the root path. Note this vulnerability is only applicable if the vite dev server is hosted on the network...

GHSA-WMXX-2PVR-X7J6 Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not correctly escape the file path and the project name for the Log file field form validation. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2023-35145

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

Cross site scripting

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

CVE-2023-35145

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

CVE-2023-35145

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

Path Traversal

io.hawt:hawtio-system is vulnerable to Path Traversal. The vulnerability exists in the unzip function of Zips.java due to a lack of file path sanitization which allows an attacker to overwrite or modify sensitive files in the system...

CVE-2023-2749

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected...

CVE-2023-2749 A Gain Information vulnerability was found on Download Center.

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected...

ASUSTOR Data Master 安全漏洞

ASUSTOR Data Master is a proprietary operating system on ASUSTOR NAS from ASUS, China, with a tablet-like graphical interface comparable to a zero learning curve, making it easy to get started. A security vulnerability exists in ASUSTOR Data Master ADM versions 4.0 through 4.2, which stems from a...

CVE-2023-2288

The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP 8.0 using the phar:// stream wrapper...

PT-2023-23959 · Lima · Lima

Name of the Vulnerable Software and Affected Versions: Lima versions prior to 0.16.0 Description: A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The attacker has to embed the target file pat...

Information Disclosure

org.jenkins-ci.plugins:codedx is vulnerable to Information Disclosure. A remote authenticated attacker with item/read permissions is able to gain access user sensitive information such as the existence of an attacker-specified file path on an agent file system...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a segmentation violation via the expandmmacparams function in the /nasm/nasm-pp.c file. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended...

File Path Traversal Vulnerability

Description in the file adminautoupdate.php php elseif $page == 'extract' if isset$POST'send' && $POST'send' == 'send' $toExtract = isset$POST'archive' ? $POST'archive' : null; $localArchive = Froxlor::getInstallDir . '/updates/' . $toExtract; $log-logActionFroxlorLogger::ADMACTION, LOGNOTICE,...

PT-2023-21296 · Sourcecodester · Sourcecodester Online Exam System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam System version 1.0 Description: A critical vulnerability was found in the SourceCodester Online Exam System, affecting unknown code of the file /kelasdosen/data. The manipulation of the argument columns1data leads t...