
779 matches found

OSV
added 2023/12/14 3:56 p.m. · 3 views

USN-6556-1 budgie-extras vulnerabilities

It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. (CVE-2023-49342, CVE-2023-49343, CVE-2023-49347) Matthias Gerstner discovered that Budgie Extras incorrectl...

7.8 CVSS · 6 AI score · 0.00303 EPSS
Exploits 0 · References 7

Ubuntu
added 2023/12/14 3:56 p.m. · 120 views

USN-6556-1: Budgie Extras vulnerabilities

It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. (CVE-2023-49342, CVE-2023-49343, CVE-2023-49347) Matthias Gerstner discovered that Budgie Extras incorrectl...

7.8 CVSS · 7.4 AI score · 0.00303 EPSS
Exploits 0

Elastic
added 2023/12/12 5:23 p.m. · 7 views

Kibana 8.11.2, 7.17.16 Security Update (ESA-2023-27)

Kibana Insertion of Sensitive Information into Log File ESA-2023-27 An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which...

8 CVSS · 6.4 AI score · 0.00608 EPSS
Exploits 0

Positive Technologies
added 2023/12/12 12:0 a.m. · 4 views

PT-2023-8930 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2 Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...

8 CVSS · 6.4 AI score · 0.00608 EPSS
Exploits 0 · References 10

NVD
added 2023/11/30 6:15 p.m. · 12 views

CVE-2023-6352

The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate...

5.3 CVSS · 0.01104 EPSS
Exploits 1 · References 5

Veracode
added 2023/11/17 11:5 a.m. · 28 views

Path Traversal

Reactor Netty HTTP Server is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths. An attacker can access unauthorized files or directories by using crafted URLs...

7.5 CVSS · 7 AI score · 0.01124 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/11/06 9:15 p.m. · 4 views

CVE-2023-5355

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...

8.1 CVSS · 5.9 AI score · 0.0066 EPSS
Exploits 2 · References 1

Prion
added 2023/11/06 9:15 p.m. · 19 views

Code injection

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...

5.5 CVSS · 7.1 AI score · 0.0066 EPSS
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2023/11/06 8:41 p.m. · 22 views

CVE-2023-5355 Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...

8.2 AI score · 0.0066 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/11/06 8:41 p.m. · 9 views

CVE-2023-5355 Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...

7.1 AI score · 0.0066 EPSS
Exploits 2 · References 1

OSV
added 2023/11/01 3:15 a.m. · 3 views

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

5.3 CVSS · 5.8 AI score · 0.00377 EPSS
Exploits 0 · References 1

OSV
added 2023/10/16 8:15 p.m. · 4 views

CVE-2023-5177

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...

5.3 CVSS · 7.3 AI score · 0.00545 EPSS
Exploits 2 · References 1

Cvelist
added 2023/10/09 12:3 p.m. · 21 views

CVE-2023-43697

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

6.5 CVSS · 6.7 AI score · 0.00646 EPSS
Exploits 0 · References 3

Vulnrichment
added 2023/10/09 12:3 p.m. · 10 views

CVE-2023-43697

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...

6.5 CVSS · 7.1 AI score · 0.00646 EPSS
Exploits 0 · References 3

Veracode
added 2023/09/29 8:3 a.m. · 23 views

Arbitrary File Write

github.com/schollz/croc is vulnerable to Arbitrary File Write through crafted file paths. The vulnerability is due to the Croc protocol, which allows senders to specify an arbitrary path for a file transfer. If the recipient doesn't already have a file with the same name, an attacker can exploit...

7.8 CVSS · 6.9 AI score · 0.00339 EPSS
Exploits 1 · References 5 · Affected Software 2

Prion
added 2023/09/25 8:15 p.m. · 26 views

Path traversal

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possib...

5 CVSS · 7.6 AI score · 0.01347 EPSS
Exploits 0 · References 3 · Affected Software 2

Prion
added 2023/09/22 7:15 p.m. · 15 views

Directory traversal

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

6.5 CVSS · 8.5 AI score · 0.01239 EPSS
Exploits 1 · References 3 · Affected Software 1

0day.today
added 2023/09/11 12:0 a.m. · 299 views

soosyze 2.0.0 - File Upload Exploit

Title: soosyze 2.0.0 - File Upload Author: nu11secur1ty Vendor: https://soosyze.com/ Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0 Reference: https://portswigger.net/web-security/file-upload Description: Broken file upload logic. The malicious user can upload whatever he wants t...

7.1 AI score
Exploits 0

CNNVD
added 2023/08/31 12:0 a.m. · 4 views

Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Security Vulnerability

Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC is a hardware and software solution designed for power system automation and control from Schweitzer Engineering Laboratories, USA. A security vulnerability exists in the Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC th...

7.4 CVSS · 5.7 AI score · 0.00134 EPSS
Exploits 0 · References 3

Github Security Blog
added 2023/08/01 4:59 p.m. · 23 views

@simonsmith/cypress-image-snapshot has fix for insecure snapshot file names

Impact: It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example (js): cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs') The above will create an ignore-relative-dirs.png three levels ...

6.5 CVSS · 6.4 AI score · 0.00795 EPSS
Exploits 1 · References 6 · Affected Software 1