779 matches found

Github Security Blog
added 2020/09/01 6:46 p.m. | 32 views

Directory Traversal in scott-blanch-weather-app

Affected versions of scott-blanch-weather-app resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

7.5 CVSS | 7.1 AI score | 0.02005 EPSS
Exploits 1 | References 4 | Affected Software 1

Github Security Blog
added 2020/09/01 6:19 p.m. | 24 views

Directory Traversal in serverzyy

Affected versions of serverzyy resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

7.5 CVSS | 7.1 AI score | 0.02005 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2020/09/01 6:16 p.m. | 14 views

GHSA-M362-87JC-F39V Directory Traversal in uv-tj-demo

Affected versions of uv-tj-demo resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

7.5 CVSS | 7.4 AI score | 0.02005 EPSS
Exploits 1 | References 3

OSV
added 2020/09/01 6:14 p.m. | 11 views

GHSA-CCW5-7VFH-P5HM Directory Traversal in dmmcquay.lab6

Affected versions of dmmcquay.lab6 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

7.5 CVSS | 7.4 AI score | 0.02005 EPSS
Exploits 1 | References 3

Github Security Blog
added 2020/09/01 6:7 p.m. | 20 views

Directory Traversal in wind-mvc

Affected versions of wind-mvc resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

7.5 CVSS | 7.1 AI score | 0.02005 EPSS
Exploits 1 | References 4 | Affected Software 1

Github Security Blog
added 2020/09/01 5:29 p.m. | 25 views

Directory Traversal in dylmomo

Affected versions of dylmomo resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

7.5 CVSS | 7.1 AI score | 0.02005 EPSS
Exploits 1 | References 4 | Affected Software 1

Github Security Blog
added 2020/09/01 5:18 p.m. | 20 views

Directory Traversal in weather.swlyons

Affected versions of weather.swlyons resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

7.5 CVSS | 7.1 AI score | 0.02005 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2020/09/01 4:57 p.m. | 13 views

GHSA-XPQW-FQPW-35FC Directory Traversal in wangguojing123

Affected versions of wangguojing123 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

7.5 CVSS | 7.5 AI score | 0.02005 EPSS
Exploits 1 | References 3

OSV
added 2020/09/01 4:51 p.m. | 11 views

GHSA-G87G-4X3W-F8JP Directory Traversal in serverwzl

Affected versions of serverwzl resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

7.5 CVSS | 7.4 AI score | 0.02005 EPSS
Exploits 1 | References 3

Github Security Blog
added 2020/09/01 4:46 p.m. | 30 views

Directory Traversal in tiny-http

Affected versions of tiny-http resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

7.5 CVSS | 7.1 AI score | 0.02005 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2020/08/25 9:15 p.m. | 3 views

CVE-2020-15640

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl...

7.5 CVSS | 7.1 AI score | 0.03217 EPSS
Exploits 0 | References 2

Mageia
added 2020/08/18 5:41 p.m. | 25 views

Updated ark packages fix security vulnerability

A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction (CVE-2020-16116)...

4.3 CVSS | 1.4 AI score | 0.01706 EPSS
Exploits 0 | References 2

Veracode
added 2020/08/11 5:42 a.m. | 12 views

Directory Traversal

Apache hyracks-control is vulnerable to directory traversal. Lack of validation of file paths within an archive allows an attacker to write files outside of the UDF deployment folder...

5.5 CVSS | 4.4 AI score | 0.01977 EPSS
Exploits 0 | References 4 | Affected Software 1

NVD
added 2020/07/20 4:15 p.m. | 39 views

CVE-2020-12027

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built-in security features found within...

4.3 CVSS | 4.7 AI score | 0.53024 EPSS
Exploits 3 | References 3

Prion
added 2020/07/20 4:15 p.m. | 33 views

Design/Logic Flaw

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built-in security features found within...

4 CVSS | 4.6 AI score | 0.53024 EPSS
Exploits 3 | References 3

OSV
added 2020/06/24 12:15 p.m. | 10 views

CVE-2020-7667

In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all...

7.5 CVSS | 6.7 AI score
Exploits 0 | References 2

UbuntuCve
added 2020/06/23 7:38 p.m. | 21 views

CVE-2020-7664

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

7.5 CVSS | 7.1 AI score | 0.01419 EPSS
Exploits 1 | References 2

Prion
added 2020/06/23 7:38 p.m. | 12 views

Code injection

In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

5 CVSS | 7.5 AI score | 0.01332 EPSS
Exploits 1 | References 1

Prion
added 2020/06/23 7:38 p.m. | 14 views

Code injection

In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...

5 CVSS | 7.5 AI score | 0.01419 EPSS
Exploits 1 | References 1

CNVD
added 2020/06/17 12:0 a.m. | 13 views

GOG Galaxy Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-25692)

GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A vulnerability exists in GOG Galaxy version 1.2.x prior to 1.2.62 and version 2.0.x prior to 2.0.12 in the context of privilege permission and access control issues. An...

8.8 CVSS | 6.8 AI score | 0.03778 EPSS
Exploits 5 | References 1