779 matches found

Veracode · added 2023/07/25 10:48 a.m. · 22 views

Improper Path Sanitisation

cloudfoundry/archiver is vulnerable to improper path sanitization. The vulnerability is due to not sanitizing relative file paths while processing archive entries. This can result in an attacker writing or overwriting files outside of the target directory, leading to denial of service or loss of...

CVSS 9.1 · AI score 6.6 · EPSS 0.01188
Exploits 0 · References 3 · Affected Software 1

WPVulnDB · added 2023/07/24 12:00 a.m. · 65 views

Jupiter X Core <= 2.5.0 - Unauthenticated Arbitrary File Download

Description The plugin does not have authorisation checks and does not validate file paths in the handlefiledownload function, allowing unauthenticated users to download arbitrary files from the server when the premium version of the plugin is activated...

CVSS 7.5 · AI score 7.7 · EPSS 0.00987
Exploits 1

OpenVAS · added 2023/06/13 12:00 a.m. · 14 views

WordPress Otter - Gutenberg Blocks Plugin < 2.2.6 PHAR Deserialization Vulnerability

The WordPress plugin Otter - Gutenberg Blocks before 2.2.6 (CPE "cpe:/a:themeisle:otter") is affected by a PHAR deserialization vulnerability. Detection script text is SPDX-FileCopyrightText: 2023 Greenbone AG, SPDX-License-Identifier: GPL-2.0-only; some text descriptions are excerpted from referenced sources and remain copyright of the respective right holders...

CVSS 8.8 · AI score 7 · EPSS 0.17973
Exploits 2 · References 1

Veracode · added 2023/05/30 12:42 p.m. · 20 views

Arbitrary File Write

Jenkins Pipeline Utility Steps Plugin is vulnerable to Arbitrary File Write. The vulnerability exists due to not validating file paths of files contained within archives which allows an attacker to provide crafted archives as parameters to create or replace arbitrary files on the file system...

CVSS 8.8 · AI score 6.8 · EPSS 0.01016
Exploits 0 · References 3 · Affected Software 2

CNNVD · added 2023/05/16 12:00 a.m. · 4 views

Jenkins Code Dx Plugin Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project; Jenkins Plugin is a software application that extends it. A security vulnerability...

CVSS 4.3 · AI score 5.2 · EPSS 0.00953
Exploits 0 · References 4

CNNVD · added 2023/05/16 12:00 a.m. · 3 views

Jenkins Plugin Sidebar Link Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project; Jenkins Plugin is a software application that extends it. A security vulnerability...

CVSS 4.3 · AI score 5.1 · EPSS 0.72358
Exploits 0 · References 4

Veracode · added 2023/05/09 7:36 a.m. · 23 views

Access Control Bypass

drupal/core is vulnerable to Access Control Bypass. The vulnerability is due to the download facility failing to sufficiently sanitize file paths, resulting in private file exposure to users who shouldn't have access...

CVSS 6.5 · AI score 6.2 · EPSS 0.0054
Exploits 0 · References 5 · Affected Software 1

WPVulnDB · added 2023/05/02 12:00 a.m. · 16 views

Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization

The plugin does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP ... $phar->addFromString('test.png', 'text'); $phar->setStub("\xff\xd8\xff\n"); $phar->setMetadata(new Evil); $phar->stopBuffering(); 2. As an Author user,...

CVSS 8.8 · AI score 9.1 · EPSS 0.17973
Exploits 2 · Affected Software 1

NVD · added 2023/04/26 7:15 p.m. · 10 views

CVE-2023-31250

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

CVSS 6.5 · AI score 6.4 · EPSS 0.0054
Exploits 0 · References 1

Prion · added 2023/04/26 7:15 p.m. · 25 views

Design/Logic Flaw

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

CVSS 4 · AI score 6.4 · EPSS 0.0054
Exploits 0 · References 1 · Affected Software 1

Veracode · added 2023/04/24 12:14 p.m. · 17 views

Arbitrary File Write

MindsDB is vulnerable to Arbitrary File Write. The vulnerability exists due to an unsafe extraction process in file.py which does not ensure relative file paths are escaped allowing an attacker to write arbitrary files outside the expected directory...

CVSS 7.5 · AI score 7.3 · EPSS 0.01
Exploits 1 · References 5 · Affected Software 1

CNVD · added 2023/04/11 12:00 a.m. · 12 views

Online Computer and Laptop Store Path Traversal Vulnerability

Online Computer and Laptop Store is an online computer and laptop store application by independent developer Carlo Montero. A path traversal vulnerability exists in Online Computer and Laptop Store v1.0. The vulnerability stems from the path parameter in the file /classes/Master.php?f=deleteim...

AI score 8.5 · EPSS 0.01075
Exploits 1 · Affected Software 1

Vulnrichment · added 2023/04/10 2:14 p.m. · 9 views

CVE-2023-1381 WP Meta SEO < 4.5.5 - Author+ PHAR Deserialization

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code...

AI score 9 · EPSS 0.01689
Exploits 2 · References 2

CNNVD · added 2023/03/24 12:00 a.m. · 4 views

ELECOM WAB-MAT Code Issue Vulnerability

ELECOM WAB-MAT is a management tool for ELECOM enterprise access points. A security vulnerability exists in ELECOM WAB-MAT 5.0.0.8 and earlier, originating from the use of an unquoted file path when registering its Windows service executable...

CVSS 7.3 · AI score 7.5 · EPSS 0.00198
Exploits 0 · References 4

OSV · added 2023/03/19 3:15 a.m. · 5 views

AZL-25707 CVE-2023-28617 affecting package emacs for versions less than 28.2-5

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

CVSS 7.8 · AI score 7.5 · EPSS 0.00469
Exploits 0 · References 1

Veracode · added 2023/03/09 3:14 a.m. · 32 views

Path Traversal

github.com/gookit/goutil is vulnerable to Path Traversal (Zip Slip). The vulnerability exists because the Unzip function in operate.go does not properly sanitize the relative file paths, allowing an attacker to access files outside the expected directory...

CVSS 8.8 · AI score 8.3 · EPSS 0.00849
Exploits 0 · References 5 · Affected Software 1

NVD · added 2023/02/22 7:15 p.m. · 17 views

CVE-2023-25579

Nextcloud Server is a self-hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath function validated and normalized the string in the wrong order. The function is used by the newFile and newFolder items, which may allow the creation of paths outside of one's own...

CVSS 7.5 · AI score 6.5 · EPSS 0.00505
Exploits 0 · References 2
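The archive-extraction entries above (cloudfoundry/archiver, the Jenkins Pipeline Utility Steps plugin, MindsDB, gookit/goutil) all fail the same way: the entry name from the archive is joined onto the destination and written with no containment check, and because filepath.Join cleans its result, an entry named "../../etc/passwd" resolves to /etc/passwd. The Nextcloud entry is the subtler form of the same bug: validating the string before normalizing it. The Go program below is an added example written for this page, not code from any of those projects. It normalizes before it validates (SafeJoin), validates every entry before writing anything, refuses symlink entries, and exercises itself on an archive constructed in memory; the entry names and the temporary directory are assumptions of the example.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// SafeJoin normalises first and validates second: filepath.Join (which calls Clean)
// resolves the dot segments, then the result must sit strictly below the cleaned
// destination. Anything that climbs out, or lands on dest itself, is rejected.
func SafeJoin(dest, name string) (string, error) {
	cleanDest := filepath.Clean(dest)
	target := filepath.Join(cleanDest, filepath.FromSlash(name)) // ZIP names use '/'
	if !strings.HasPrefix(target, cleanDest+string(os.PathSeparator)) {
		return "", fmt.Errorf("zip slip: entry %q resolves to %q, outside %q", name, target, cleanDest)
	}
	return target, nil
}

// Extract unpacks an in-memory ZIP into dest and returns the files it wrote. Every
// entry is validated before the first byte is written (fail closed), and symlink
// entries are refused because their targets would need the same containment check.
func Extract(data []byte, dest string) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	targets := make([]string, len(zr.File))
	for i, f := range zr.File {
		if f.Mode()&os.ModeSymlink != 0 {
			return nil, fmt.Errorf("refusing symlink entry %q", f.Name)
		}
		if targets[i], err = SafeJoin(dest, f.Name); err != nil {
			return nil, err
		}
	}
	var written []string
	for i, f := range zr.File {
		if f.FileInfo().IsDir() {
			if err := os.MkdirAll(targets[i], 0o755); err != nil {
				return written, err
			}
			continue
		}
		if err := os.MkdirAll(filepath.Dir(targets[i]), 0o755); err != nil {
			return written, err
		}
		if err := writeEntry(f, targets[i]); err != nil {
			return written, err
		}
		written = append(written, targets[i])
	}
	return written, nil
}

// writeEntry streams one validated entry to disk; a real extractor would also cap the inflated size here.
func writeEntry(f *zip.File, target string) error {
	rc, err := f.Open()
	if err != nil {
		return err
	}
	defer rc.Close()
	out, err := os.OpenFile(target, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
	if err != nil {
		return err
	}
	defer out.Close()
	_, err = out.ReadFrom(rc)
	return err
}

// BuildSampleZip builds a constructed test archive: a benign entry plus, if malicious, a "../" entry.
func BuildSampleZip(malicious bool) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("app/config.yml")
	w.Write([]byte("debug: false\n"))
	if malicious {
		w, _ = zw.Create("../zipslip-escape-marker.txt")
		w.Write([]byte("written outside dest\n"))
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	dest, err := os.MkdirTemp("", "unzip-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dest)
	_, err = Extract(BuildSampleZip(true), dest)
	fmt.Println("malicious archive:", err)
	files, err := Extract(BuildSampleZip(false), dest)
	fmt.Println("benign archive:", files, err)
}
```

The two-pass structure matters as much as the prefix check: a single-pass extractor that validates each entry as it goes still lets a crafted archive plant its benign entries before the escaping one is rejected, which is enough for some of the Jenkins-style "create or replace arbitrary files" scenarios when the extraction directory is later reused. Absolute entry names such as "/etc/passwd" are re-rooted under dest by Join rather than rejected, so they are harmless here.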
SUSE CVE · added 2023/02/15 4:50 a.m. · 3 views

SUSE CVE-2017-5223

An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...

CVSS 5.5 · AI score 6.7 · EPSS 0.02143
Exploits 6 · References 3

SUSE CVE · added 2023/02/15 3:53 a.m. · 2 views

SUSE CVE-2020-26954

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

CVSS 4.3 · AI score 8.6 · EPSS 0.00633
Exploits 0 · References 4

CNNVD · added 2023/01/26 12:00 a.m. · 5 views

Jenkins Plugin Semantic Versioning Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project; Jenkins Plugin is a software application that extends it. A code issue vulnerabilit...

CVSS 9.8 · AI score 8.6 · EPSS 0.01314
Exploits 0 · References 3