3231 matches found
Directory Traversal
node-static is vulnerable to Directory Traversal. The vulnerability exists due to the servePath function in node-static.js, which allows a remote attacker to access restricted data outside the intended directory due to improper file path sanitization...
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
Directory traversal
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
node-static Path Traversal Vulnerability
node-static is an RFC 2616 compliant HTTP static file server module with built-in caching. A security vulnerability exists in node-static due to improper file path sanitization in the startsWith method of the servePath function...
FreshRSS Log Information Disclosure Vulnerability
FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. FreshRSS suffers from a log information disclosure vulnerability that stems from a user-supplied password being logged in plaintext in users//logapi.txt in the event of an authentication failure...
WordPress plugin woo-popup Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-16758 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: flatpress versions prior to 1.3 Description: The issue concerns external control of file name or path in the GitHub repository flatpressblog/flatpress. Recommendations: For versions prior to 1.3, update to version 1.3 or later to resolve the...
CVE-2023-1105
CVE-2023-1105 affects FlatPress prior to v1.3 in the flatpressblog/flatpress repository. The root cause is external control of file names or paths, enabling manipulation of file targets. Impact is described as the ability to influence filenames/paths; exploitation status is not provided in the do...
CVE-2022-41722
...
U.S. Dept Of Defense: Path traversal leads to reading of local files on ███████ and ████
A directory traversal vulnerability was discovered in the downloadForm endpoint of a web application, allowing an attacker to read files on the system by adding "../" to the filename parameter. This could potentially lead to the disclosure of sensitive information or system compromise. The...
TeamPass External Control of File Name or Path vulnerability
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...
CVE-2023-0331
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check or user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...
Xxe
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...
CVE-2023-1070
CVE-2023-1070 affects TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.22. The issue is described as External Control of File Name or Path, enabling an attacker to delete arbitrary files through manipulation of file names/paths. The root cause is a vulnerability in how file names/paths ...
CVE-2023-1070 External Control of File Name or Path in nilsteampassnet/teampass
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...
MuYuCMS Path Traversal Vulnerability
MuYuCMS is a lightweight open source content management system. MuYuCMS version 2.2 has a security vulnerability that stems from incorrect handling of the filepath parameter, which leads to relative path traversal...
UBUNTU-CVE-2023-26038
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...
CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...