Lucene search
K

77 matches found

OSV
OSV
added 2024/07/01 7:15 p.m.8 views

ALPINE-CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS7.5AI score0.99957EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2024/04/26 9:30 a.m.24 views

Mattermost's detailed error messages reveal the full file path

Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored...

4.3CVSS6.5AI score0.00452EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/26 8:24 a.m.15 views

CVE-2024-32046 Detailed error discloses full file path with dev mode off

Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored...

4.3CVSS6.5AI score0.00452EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.8 views

PT-2023-30526 · Pimcore · Pimcore Admin Classic Bundle

Name of the Vulnerable Software and Affected Versions: Pimcore Admin Classic Bundle versions prior to 1.2.1 Description: The issue allows an attacker to see the path to the webroot/file, which can be used in conjunction with other vulnerabilities, such as SQL Injection using the load file query, ...

5.3CVSS5.6AI score0.0066EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.8 views

CVE-2023-24455

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

6.9AI score0.01187EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.5 views

Jenkins Files Found Trigger Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00581EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.2 views

Jenkins Continuous Integration with Toad Edge Plugin 访问控制错误漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An access control error vulnerability exis...

4.3CVSS5.7AI score0.00719EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/29 12:0 a.m.4 views

PT-2022-18846 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier Description: A missing permission check allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins...

4.3CVSS4.3AI score0.00719EPSS
Exploits0References8
Cvelist
Cvelist
added 2021/10/25 9:40 p.m.20 views

CVE-2021-39224 File path disclosure of shared files in OfficeOnline application

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file shared.txt is locat...

3.5CVSS5.4AI score0.00849EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/25 9:35 p.m.22 views

CVE-2021-39223 File path disclosure of shared files in Richdocuments application

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...

4.8CVSS5.4AI score0.01021EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2021/10/06 12:0 a.m.302 views

Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure

Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...

5.3CVSS5.7AI score0.7233EPSS
Exploits7
Prion
Prion
added 2021/09/17 11:15 a.m.32 views

Design/Logic Flaw

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5CVSS4.9AI score0.7233EPSS
Exploits7References5Affected Software1
Cvelist
Cvelist
added 2021/09/17 10:26 a.m.75 views

CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5.3CVSS5.3AI score0.7233EPSS
Exploits7References5
CVE
CVE
added 2021/09/17 10:26 a.m.149 views

CVE-2021-39327

Summary: CVE-2021-39327 affects the BulletProof Security WordPress plugin up to version 5.1, causing a sensitive information disclosure via a publicly accessible file path disclosure in ~/db_backup_log.txt. This reveals the site’s full path and database backup file paths. Impact (as stated): Atta...

5.3CVSS5.2AI score0.7233EPSS
Exploits7References5Affected Software1
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.39 views

WordPress 插件 信息泄露漏洞

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin BulletProof Security suffers from an information disclosure vulnerability that stems from the fact that the BulletProof Security plugin for WordPress can easily disclose sensitive information due to a file...

5.3CVSS6.7AI score0.7233EPSS
Exploits7References9
WPVulnDB
WPVulnDB
added 2021/09/16 12:0 a.m.27 views

BulletProof Security < 5.2 - Sensitive Information Disclosure

The plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. PoC...

5.3CVSS0.8AI score0.7233EPSS
Exploits7References2Affected Software1
Cvelist
Cvelist
added 2021/07/12 9:45 p.m.29 views

CVE-2021-32734 File path disclosure of shared files in Nextcloud Text application

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issu...

3.1CVSS7.2AI score0.01381EPSS
Exploits0References4
Nextcloud
Nextcloud
added 2021/07/12 9:23 a.m.42 views

File path disclosure of shared files in Nextcloud Text application

None...

5.3CVSS5.4AI score0.01381EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/04/07 2:11 p.m.53 views

CVE-2017-18687

Technical details (affected product/version, root cause, impact, or fixes) are not publicly provided in the connected documents. Monitor for updates; current sources summarize the issue but do not offer actionable specifics.

5.3CVSS5.4AI score0.0034EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/12/18 10:29 p.m.4 views

DEBIAN-CVE-2018-19789

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method e.g. setNamestring $name of a class that's the dataclass of a form, and when a...

5.3CVSS7.2AI score0.03589EPSS
Exploits0References1
Rows per page
Query Builder