779 matches found

ATTACKERKB
added 2022/07/27 3:15 p.m., 2 views

CVE-2022-36904

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3, AI score 5.8, EPSS 0.00561
Exploits: 0, References: 4

CNNVD
added 2022/07/27 12:0 a.m., 2 views

Jenkins Buckminster Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3, AI score 5.2, EPSS 0.0047
Exploits: 0, References: 5

CNVD
added 2022/07/13 12:0 a.m., 27 views

Anakin path traversal vulnerability

Anakin is a cross-platform, high-performance inference engine open-sourced by PaddlePaddle. Anakin 0.1.1 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in resource or file paths, which could be...

CVSS 9.3, AI score 3.6, EPSS 0.01118
Exploits: 1, References: 1

CNVD
added 2022/07/13 12:0 a.m., 31 views

flask-mongo-skel path traversal vulnerability

flask-mongo-skel is a Flask MongoDB framework from the personal developer Shamail Tayyab. flask-mongo-skel 2012-11-01 and earlier versions contain a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter resource or file paths for The vulnerability is...

CVSS 9.3, AI score 2.8, EPSS 0.01118
Exploits: 1, References: 1

CNVD
added 2022/07/13 12:0 a.m., 22 views

Fan_Platform path traversal vulnerability

FanPlatform is a UI automation platform backend from the personal developer Caoyongqi912. 2021-04-20 and earlier versions of FanPlatform are vulnerable to a path traversal vulnerability, which stems from the failure of Flask's sendfile function to properly filter special elements in resourc...

CVSS 9.3, AI score 4.2, EPSS 0.01118
Exploits: 1, References: 1

CNVD
added 2022/07/13 12:0 a.m., 31 views

AutomatedQuizEval path traversal vulnerability

AutomatedQuizEval, an automated quiz evaluation system from the personal developer Sravani Boinepelli, suffers from a path traversal vulnerability that stems from the failure of Flask's sendfile function to properly filter special elements in resource or file paths, which could be exploited by...

CVSS 9.3, AI score 4.5, EPSS 0.01164
Exploits: 1, References: 1

CNVD
added 2022/07/13 12:0 a.m., 27 views

flask-file-server path traversal vulnerability

flask-file-server is a file server with a front-end for browsing, uploading, and streaming files, from the personal developer Wildog. flask-file-server 2020-02-20 and earlier versions are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly...

CVSS 9.3, AI score 3.6, EPSS 0.01118
Exploits: 1, References: 1

Exploit DB
added 2022/06/14 12:0 a.m., 302 views

Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)

Exploit Title: Real Player 16.0.3.51 - 'external::Import' Directory Traversal to Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: ver. 16.00.282, 16.0.3.51, Cloud 17.0.9.17,...

AI score 7.4
Exploits: 0

OSV
added 2022/05/24 5:15 p.m., 13 views

GHSA-9WXJ-37P8-49FF Divante vue-storefront-api and storefront-api disclose stack trace

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...

CVSS 5.3, AI score 5.1, EPSS 0.1515
Exploits: 1, References: 5

Github Security Blog
added 2022/05/24 5:15 p.m., 17 views

Divante vue-storefront-api and storefront-api disclose stack trace

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...

CVSS 5.3, AI score 6.8, EPSS 0.1515
Exploits: 1, References: 6, Affected Software: 2

GitLab Advisory Database
added 2022/05/24 12:0 a.m., 28 views

Kubernetes Secrets Store CSI Driver plugins arbitrary file write

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

CVSS 6.5, AI score 5.7, EPSS 0.0137
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2022/05/16 1:5 p.m., 4 views

CLSA-2022-1652706309 Fix CVE(s): CVE-2019-17041, CVE-2019-17042, CVE-2018-16881

SECURITY UPDATE: denial of service - debian/patches/CVE-2018-16881.patch: introduces a frame size check in the processDataRcvd function of plugins/imptcp/imptcp.c. - CVE-2018-16881 SECURITY UPDATE: heap-based overflow - debian/patches/CVE-2019-17041.patch: adds length checks for invalid AIX log...

CVSS 9.8, AI score 5.8, EPSS 0.04568
Exploits: 0, References: 1

Github Security Blog
added 2022/05/14 1:6 a.m., 35 views

Improper Limitation of a Pathname to a Restricted Directory in WildFly

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability...

CVSS 5.5, AI score 4.7, EPSS 0.01262
Exploits: 0, References: 13, Affected Software: 1

Snyk
added 2022/05/02 9:32 a.m., 2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation by not validating that the expanded path matches publicdir when serving static files. Remediation Upgrade sinatra to version 2.2.0 or higher. References - GitHub Commit - GitHub PR...

CVSS 7.5, AI score 6.9, EPSS 0.02059
Exploits: 0, References: 2

BDU FSTEC
added 2022/04/25 12:0 a.m., 6 views

The vulnerability of the PHP interpreter is related to an error in processing paths to files containing the character \x00. This error allows attackers to gain unauthorized access to files or directories.

The vulnerability of the PHP interpreter extension is related to an error in processing paths to files containing the character \x00. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to files or directories...

CVSS 7.5, AI score 7.5, EPSS 0.20233
Exploits: 0, References: 17, Affected Software: 5

CISA KEV Catalog
added 2022/03/25 12:0 a.m., 28 views

Microsoft Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths...

CVSS 9.3, AI score 3.1, EPSS 0.73968
In wild, Exploits: 0

Veracode
added 2022/03/22 4:9 a.m., 39 views

Path Traversal

studio-42/elfinder is vulnerable to path traversal. The vulnerability exists due to improper handling of absolute file paths in the getFullPath function, allowing a remote attacker to access data in the system...

CVSS 9.1, AI score 5.3, EPSS 0.50993
Exploits: 1, References: 3, Affected Software: 1

Github Security Blog
added 2022/03/22 12:0 a.m., 30 views

Path Traversal in Studio-42 elFinder through 2.1.60

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths...

CVSS 9.1, AI score 7.1, EPSS 0.50993
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2022/03/22 12:0 a.m., 14 views

GHSA-7Q88-JXVP-9GP2 Path Traversal in Studio-42 elFinder through 2.1.60

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths...

CVSS 9.1, AI score 9.2, EPSS 0.50993
Exploits: 1, References: 3

OSV
added 2022/03/21 5:15 p.m., 24 views

CVE-2022-26960

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths...

CVSS 9.1, AI score 7.3
Exploits: 0, References: 3