Lucene search
K

778 matches found

Node.js
Node.js
added 2017/05/30 10:31 p.m.153 views

Directory Traversal

Overview Affected versions of serverlyr resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5CVSS4.4AI score0.02005EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2017/04/12 12:0 a.m.53 views

Zimbra < 8.7.6 Multiple Vulnerabilities

Zimbra is prone to multiple vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.7AI score0.03799EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/12/15 6:31 a.m.23 views

CVE-2016-6852

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware...

4.9AI score0.00966EPSS
Exploits0References2
CNVD
CNVD
added 2016/09/03 12:0 a.m.2 views

ZKTeco ZKBioSecurity 3.0 Directory Traversal Vulnerability

ZKBioSecurity is a comprehensive management platform for biometric security. A directory traversal vulnerability exists in ZKTeco ZKBioSecurity 3.0, which can be exploited by an attacker to obtain sensitive information by modifying a file path...

6.6AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.7 views

The vulnerability of Google Chrome allows a malicious actor to circumvent domain restriction rules.

The Google Chrome browser contains a vulnerability related to the implementation of drag-and-drop functionality. This vulnerability allows malicious actors to circumvent domain restrictions and replace local file paths by accessing resources through rendering. To exploit this vulnerability, activ...

4.3CVSS7.7AI score0.01405EPSS
Exploits1References3Affected Software1
GoogleProjectZero
GoogleProjectZero
added 2016/02/29 12:0 a.m.42 views

The Definitive Guide on Win32 to NT Path Conversion

Posted by James Forshaw, path’ological reverse engineer. How the Win32 APIs process file paths on Windows NT is a tale filled with backwards compatibility hacks, weird behaviour, and beauty†. Incorrect handling of Win32 paths can lead to security vulnerabilities. This blog post is to try and give...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2015/12/24 1:59 a.m.3 views

CVE-2015-7934

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...

8.6CVSS5.6AI score0.02201EPSS
Exploits0References3
CNVD
CNVD
added 2015/12/20 12:0 a.m.5 views

Adcon Telemetry A840 Telemetry Gateway Information Disclosure Vulnerability (CNVD-2015-08414)

The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. The Adcon Telemetry A840 Telemetry Gateway displays the full pathname of the log file in the server, allowing remote attackers to exploit this vulnerability to obtain sensitive...

8.6CVSS6.8AI score0.02201EPSS
Exploits0References1
CNVD
CNVD
added 2015/09/27 12:0 a.m.3 views

Kaseya Virtual System Administrator Elevation of Privilege Vulnerability

Kaseya Virtual System Administrator is a suite of IT system management platforms for simplifying and automating IT services. Kaseya Virtual System Administrator does not enforce user authentication and does not restrict target file paths, allowing remote attackers to exploit vulnerabilities to...

9.8CVSS7.8AI score0.82102EPSS
Exploits13References1
Zero Day Initiative
Zero Day Initiative
added 2015/09/23 12:0 a.m.25 views

Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uploader.aspx page, which does not properly require that users...

7.5CVSS9.5AI score0.82102EPSS
Exploits13References1
OSV
OSV
added 2015/08/21 12:0 a.m.37 views

DLA-297-1 wesnoth-1.8 - security update

Bulletin has no description...

4.3CVSS4.2AI score0.01715EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/08/12 6:13 a.m.3 views

Microsoft Office discloses a file path of a local file

Overview When a file such as a clipart or an image is inserted in Office documents, the absolute path of the local file is stored in "alternative text". Yosuke HASEGAWA of SecureSky Technology Inc. and Miyuki Chikara of MARUS JAPAN Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...

4.3CVSS6.2AI score
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2015/07/14 12:0 a.m.3 views

Microsoft Internet Explorer Information Disclosure (MS15-065: CVE-2015-2412)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to improper validation of file paths. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer...

4.3CVSS5.7AI score0.17855EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/07 12:0 a.m.61 views

Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2658-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2658-1 advisory. Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass...

10CVSS7.6AI score0.50129EPSS
Exploits19References20
ArchLinux
ArchLinux
added 2015/07/03 12:0 a.m.27 views

wesnoth: information leakage

Wesnoth implements a text preprocessing language that is used in conjunction with its own game scripting language. It also has a built-in Lua interpreter and API. Both the Lua API and the preprocessor make use of the same function filesystem::getwmllocation to resolve file paths so that only...

1.4AI score0.01715EPSS
Exploits0References4
securityvulns
securityvulns
added 2015/06/29 12:0 a.m.58 views

[USN-2651-1] GNU patch vulnerabilities

========================================================================== Ubuntu Security Notice USN-2651-1 June 22, 2015 patch vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...

7.8CVSS0.8AI score0.11199EPSS
Exploits1
Ubuntu
Ubuntu
added 2015/06/22 11:50 p.m.70 views

USN-2651-1: GNU patch vulnerabilities

Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. CVE-2010-4651 László...

7.8CVSS6.7AI score0.11199EPSS
Exploits1
Metasploit
Metasploit
added 2015/04/15 10:10 p.m.39 views

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure

This module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003 and CAS 2007, 2010, and 2013 servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA ...

7AI score
Exploits0
Metasploit
Metasploit
added 2015/03/30 3:39 p.m.46 views

MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure

This module will use the Microsoft XMLDOM object to enumerate a remote machine's filenames. It will try to do so against Internet Explorer 8 and Internet Explorer 9. To use it, you must supply your own list of file paths. Each file path should look like this: c:\\windows\\system32\\calc.exe This...

6.5CVSS6.3AI score0.58023EPSS
Exploits3
OwnCloud
OwnCloud
added 2015/03/25 6:44 p.m.57 views

Bypass of file blacklist - ownCloud

A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud versions, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute...

6CVSS6.9AI score0.01339EPSS
Exploits0Affected Software1
Rows per page
Query Builder