779 matches found
USN-6556-1 budgie-extras vulnerabilities
It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. CVE-2023-49342, CVE-2023-49343, CVE-2023-49347 Matthias Gerstner discovered that Budgie Extras incorrectl...
USN-6556-1: Budgie Extras vulnerabilities
It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. CVE-2023-49342, CVE-2023-49343, CVE-2023-49347 Matthias Gerstner discovered that Budgie Extras incorrectl...
Kibana 8.11.2, 7.17.16 Security Update (ESA-2023-27)
Kibana Insertion of Sensitive Information into Log File ESA-2023-27 An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which...
PT-2023-8930 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2 Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...
CVE-2023-6352
The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services IIS or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate...
Path Traversal
Reactor Netty HTTP Server is vulnerable to Path Traversal. The vulnerability is due to improper validation for file paths. An attacker can accesses unauthorized files or directories by using crafted URLs...
CVE-2023-5355
The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...
Code injection
The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...
CVE-2023-5355 Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...
CVE-2023-5355 Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion
The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server...
CVE-2023-5514
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...
CVE-2023-5177
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...
CVE-2023-43697
Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...
CVE-2023-43697
Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...
Arbitrary File Write
github.com/schollz/croc is vulnerable to Arbitrary File Write through crafted File Paths. The vulnerability is due to the Croc protocol which allows senders to specify sn arbitrary path for a file transfer. If the recipient doesn't already have a file with the same name, an attacker can exploit...
Path traversal
A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...
Directory traversal
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
soosyze 2.0.0 - File Upload Exploit
Title: soosyze 2.0.0 - File Upload Author: nu11secur1ty Vendor: https://soosyze.com/ Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0 Reference: https://portswigger.net/web-security/file-upload Description: Broken file upload logic. The malicious user can upload whatever he wants t...
Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC 安全漏洞
Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC is a hardware and software solution designed for power system automation and control from Schweitzer Engineering Laboratories, USA. A security vulnerability exists in the Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC th...
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names
Impact It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example: js cy.get'h1'.matchImageSnapshot'../../../ignore-relative-dirs' The above will create an ignore-relative-dirs.png three levels ...