77 matches found
ALPINE-CVE-2024-38475
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
Mattermost's detailed error messages reveal the full file path
Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored...
CVE-2024-32046 Detailed error discloses full file path with dev mode off
Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored...
PT-2023-30526 · Pimcore · Pimcore Admin Classic Bundle
Name of the Vulnerable Software and Affected Versions: Pimcore Admin Classic Bundle versions prior to 1.2.1 Description: The issue allows an attacker to see the path to the webroot/file, which can be used in conjunction with other vulnerabilities, such as SQL Injection using the load file query, ...
CVE-2023-24455
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
Jenkins Files Found Trigger Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Continuous Integration with Toad Edge Plugin 访问控制错误漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An access control error vulnerability exis...
PT-2022-18846 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Continuous Integration with Toad Edge Plugin versions 2.3 and earlier Description: A missing permission check allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins...
CVE-2021-39224 File path disclosure of shared files in OfficeOnline application
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file shared.txt is locat...
CVE-2021-39223 File path disclosure of shared files in Richdocuments application
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. e.g. an attacker could see that the file...
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...
Design/Logic Flaw
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...
CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...
CVE-2021-39327
Summary: CVE-2021-39327 affects the BulletProof Security WordPress plugin up to version 5.1, causing a sensitive information disclosure via a publicly accessible file path disclosure in ~/db_backup_log.txt. This reveals the site’s full path and database backup file paths. Impact (as stated): Atta...
WordPress 插件 信息泄露漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin BulletProof Security suffers from an information disclosure vulnerability that stems from the fact that the BulletProof Security plugin for WordPress can easily disclose sensitive information due to a file...
BulletProof Security < 5.2 - Sensitive Information Disclosure
The plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. PoC...
CVE-2021-32734 File path disclosure of shared files in Nextcloud Text application
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issu...
File path disclosure of shared files in Nextcloud Text application
None...
CVE-2017-18687
Technical details (affected product/version, root cause, impact, or fixes) are not publicly provided in the connected documents. Monitor for updates; current sources summarize the issue but do not offer actionable specifics.
DEBIAN-CVE-2018-19789
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method e.g. setNamestring $name of a class that's the dataclass of a form, and when a...