Path traversal
A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw...
webkitgtk: Incorrect processing of file URLs
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...
new module: perl:5.30
An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...
CVE-2020-7758
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...
Path traversal
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...
CVE-2020-7758
CVE-2020-7758 describes a path traversal vulnerability in browserless-chrome where user input from the workspace endpoint is used to construct a filePath, which is then fetched and returned, allowing an attacker to escape to arbitrary files on the server. Public sources in the connected docs cons...
PT-2020-19771 · Browserless · Browserless-Chrome
Name of the Vulnerable Software and Affected Versions: browserless-chrome versions prior to 1.43.0 Description: The issue affects browserless-chrome, where user input from the "workspace endpoint" is used to create a file path filePath. This filePath is then fetched and sent back to the user,...
Brave Android 1.16.68 Security Fixes
Fixed file-path for cookies as reported on HackerOne by kanytu. - Encrypted private wallet data preferences for Brave Rewards...
Directory Traversal
superstatic is vulnerable to directory traversal. Lack of validation in the file path allows a user to access system files through the path name using the ../ characters...
Huawei EulerOS: Security Advisory for perl-File-Path (EulerOS-SA-2020-2203)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.2 : perl-File-Path (EulerOS-SA-2020-2203)
According to the version of the perl-File-Path package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: - Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set th...
Mail.ru: Obtaining the local path to a file [geekbrains.ru]
Verbose error output was enabled on lms-beta.geekbrains.ru...
HyperComments <= 1.2.2 - Unauthenticated Arbitrary File Deletion
The plugin does not validate and sanitise user input which is being concatenated to create a file path, passed to unlink, which leads to an arbitrary file deletion issue. For more details about this issue, please see the reference. PoC File: hypercomments/hypercomments.php:112 $filename =...
pcp: Local privilege escalation in pcp spec file %post section
An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2020-2119)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for perl-File-Path (EulerOS-SA-2020-2048)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-File-Path (EulerOS-SA-2020-2048)
According to the version of the perl-File-Path package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attacker...
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2020-2139)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause...
Directory Traversal
static-server-gx is vulnerable to directory traversal. The vulnerability exists as it does not validate the file path for input such as ../, allowing the escape from the target root directory...