
779 matches found

Veracode | added 2024/04/09 5:24 a.m. | 16 views

Path Traversal

github.com/mholt/archiver is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within tar archives, allowing an attacker to craft a tar file that, when unpacked, can access or modify files or directories outside of the intended directory...

CVSS 6.1 | AI score 7 | EPSS 0.00928
Exploits 1 | References 6 | Affected Software 1

Veracode | added 2024/04/04 7:58 a.m. | 35 views

Local File Inclusion

voila is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of file paths within app.py which allows an attacker to access readable files on the server's filesystem...

CVSS 7.5 | AI score 6.7 | EPSS 0.00725
Exploits 0 | References 8 | Affected Software 1

RedHat Linux | added 2024/03/19 6:23 p.m. | 1 view

emacs: command injection vulnerability in htmlfontify.el

A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed...

CVSS 7.8 | AI score 7.4 | EPSS 0.01132
Exploits 0 | References 4

NVD | added 2024/03/19 12:15 p.m. | 8 views

CVE-2024-2635

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...

CVSS 7.3 | AI score 7.2 | EPSS 0.00427
Exploits 0 | References 1

Vulnrichment | added 2024/03/19 12:09 p.m. | 10 views

CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...

CVSS 7.3 | AI score 6.9 | EPSS 0.00427
Exploits 0 | References 1

Cvelist | added 2024/03/19 12:09 p.m. | 16 views

CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...

CVSS 7.3 | AI score 7.4 | EPSS 0.00427
Exploits 0 | References 1

NVD | added 2024/03/18 9:15 p.m. | 15 views

CVE-2024-23333

LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9 | AI score 7.8 | EPSS 0.17868
Exploits 0 | References 2

OSV | added 2024/03/18 9:15 p.m. | 4 views

DEBIAN-CVE-2024-23333

LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 6.6 | AI score 7.7 | EPSS 0.17868
Exploits 0 | References 1

BDU FSTEC | added 2024/03/15 12:00 a.m. | 7 views

The vulnerability of the IBM Cloud Pak for Data Analysis and Management platform, known as CP4D, arises from improper external management of file names or paths. This allows attackers to modify any arbitrary files or data within the system.

The vulnerability of the IBM Cloud Pak for Data Analysis and Management platform CP4D is related to improper external management of file names or paths. Exploiting this vulnerability could allow an attacker to modify any arbitrary files or data within the system...

CVSS 4.2 | AI score 5.6 | EPSS 0.0024
Exploits 0 | References 4 | Affected Software 1

Vulnrichment | added 2024/02/20 1:31 a.m. | 20 views

CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

CVSS 5 | AI score 5 | EPSS 0.00945
Exploits 0 | References 3

Cvelist | added 2024/02/20 1:31 a.m. | 30 views

CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

CVSS 5 | AI score 5.9 | EPSS 0.00945
Exploits 0 | References 3

Veracode | added 2024/02/12 6:54 a.m. | 22 views

Arbitrary File Write

github.com/hashicorp/nomad is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of symlinks by the template renderer. The attacker can manipulate file paths and write arbitrary files to the host system...

CVSS 7.7 | AI score 6.9 | EPSS 0.00617
Exploits 0 | References 5 | Affected Software 1

NVD | added 2024/02/05 10:15 p.m. | 35 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVSS 5.3 | AI score 4.7 | EPSS 0.00615
Exploits 0 | References 4

OSV | added 2024/02/05 10:15 p.m. | 5 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVSS 5.3 | AI score 5.9 | EPSS 0.00615
Exploits 0 | References 4

Cvelist | added 2024/02/05 9:21 p.m. | 38 views

CVE-2023-4637 WPvivid <= 0.9.94 - Missing Authorization

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVSS 4.3 | AI score 5.4 | EPSS 0.00615
Exploits 0 | References 4

WPVulnDB | added 2024/01/26 12:00 a.m. | 17 views

WPvivid < 0.9.95 - Missing Authorization

The plugin is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function, making it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID...

CVSS 5 | AI score 6.6 | EPSS 0.00615
Exploits 0 | References 1 | Affected Software 1

NVD | added 2024/01/22 3:15 p.m. | 39 views

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

CVSS 4.4 | AI score 4.7 | EPSS 0.00378
Exploits 3 | References 4

CVE | added 2024/01/22 2:11 p.m. | 62 views

CVE-2020-36772

CloudLinux CageFS CVE-2020-36772 affects CageFS 7.0.8-2 and earlier, where file paths given to the sendmail proxy command are not sufficiently restricted. This enables local users to read/write arbitrary files outside the CageFS environment. The vulnerability is triggered by insufficient path val...

CVSS 4.4 | AI score 4.7 | EPSS 0.00378
Exploits 3 | References 4 | Affected Software 1

CNNVD | added 2024/01/08 12:00 a.m. | 6 views

WordPress Plugin Clone Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 7.5 | AI score 6.6 | EPSS 0.01961
Exploits 2 | References 2

CNNVD | added 2024/01/03 12:00 a.m. | 3 views

HCL Technologies DRYiCE MyXalytics Path Traversal Vulnerability

HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics that stems from certain endpoints that allow a user to manipulate the path including filename where these files are...

CVSS 9.8 | AI score 6.7 | EPSS 0.00997
Exploits 0 | References 2