Lucene search
K

779 matches found

OSV
OSV
added 2021/09/02 10:5 p.m.35 views

GHSA-9RJP-R58J-FXGQ Path traversal in elFinder.NetCore

This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...

8.6CVSS9.5AI score0.0167EPSS
Exploits0References5
Kitploit
Kitploit
added 2021/08/30 9:30 p.m.30 views

Reg1c1de - Registry Permission Scanner For Finding Potential Privesc Avenues Within Registry

Reg1c1de is a tool that scans specified registry hives and reports on any keys where the user has write permissions In addition, if any registry values are found that contain file paths with certain file extensions and they are writeable, these will be reported as well. More information on this...

7.3AI score
Exploits0References2
NVD
NVD
added 2021/08/05 9:15 p.m.18 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS0.0627EPSS
Exploits1References15
OSV
OSV
added 2021/08/05 9:15 p.m.35 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

3.7CVSS2.5AI score0.0627EPSS
Exploits1References15
Prion
Prion
added 2021/08/05 9:15 p.m.27 views

Code injection

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS5.2AI score0.0627EPSS
Exploits1References15Affected Software26
Debian CVE
Debian CVE
added 2021/08/05 8:16 p.m.51 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.5AI score0.0627EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/08/05 8:16 p.m.43 views

CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

4.3CVSS6.2AI score0.0627EPSS
Exploits1
Veracode
Veracode
added 2021/08/04 5:49 a.m.4 views

Directory Traversal

github.com/cortexproject/cortex is vulnerable to Directory Traversal. An attacker can pass a malicious pathname such as ae ../../sensitive/path/in/deployment because it directly uses header value X-Scope-OrgID to construct file paths, leading to parsing of a rules file at that location and leakin...

5.3CVSS6.5AI score0.01392EPSS
Exploits0References4Affected Software1
Node.js
Node.js
added 2021/08/03 6:14 p.m.111 views

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Overview The tar package has a high severity vulnerability before versions 3.2.3, 4.4.15, 5.0.7, and 6.1.2. Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths...

5.8CVSS1.7AI score0.07795EPSS
Exploits0Affected Software1
Prion
Prion
added 2021/08/03 3:15 p.m.21 views

Directory traversal

An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that...

5CVSS5.4AI score0.01392EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/08/03 3:15 p.m.18 views

Directory traversal

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

5CVSS5.2AI score0.01489EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/03 2:3 p.m.27 views

CVE-2021-36157

An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that...

5.4AI score0.01392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/07/28 12:0 a.m.8 views

PT-2021-12081 · Github.Com/Whyrusleeping/Tar Utils +3 · Github.Com/Whyrusleeping/Tar-Utils +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...

9.1CVSS6.9AI score0.01023EPSS
Exploits0References11
Prion
Prion
added 2021/07/15 5:15 p.m.17 views

Path traversal

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders...

2.1CVSS4AI score0.00926EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.13 views

SUSE: Security Advisory (SUSE-SU-2018:2866-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/05/18 8:31 p.m.54 views

github.com/unknwon/cae Path Traversal vulnerability

The ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5CVSS7.2AI score0.01332EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/05/07 7:31 p.m.3 views

CVE-2021-27571

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used and running applications, their icons, and their file paths. This information is sent in cleartext and is not protected by any authentication logic...

5.3CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.4 views

Emote Remote Mouse 访问控制错误漏洞

Remote Mouse is an application. A remote mouse. A security vulnerability exists in Emote Remote Mouse version 4.0.0.0 and earlier versions, which can be exploited by an attacker to retrieve recently used and running applications, their icons and their file paths. This information is sent in clear...

5.3CVSS6.2AI score0.01148EPSS
Exploits1References2
Friends Of PHP
Friends Of PHP
added 2021/04/29 12:16 p.m.31 views

Object injection via local phar file

This is a security release. SECURITY Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLS using schemes such as ssh2 Ensure method signature consisten...

9.8CVSS8.8AI score0.03095EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/04/14 8:4 p.m.34 views

GO-2020-0026 Arbitrary file write via archive extraction in github.com/openshift/source-to-image

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

6.5CVSS6.3AI score0.01338EPSS
Exploits0References2
Rows per page
Query Builder