3230 matches found
CVE-2020-7758
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...
Path traversal
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server...
CVE-2020-7758
CVE-2020-7758 describes a path traversal vulnerability in browserless-chrome where user input from the workspace endpoint is used to construct a filePath, which is then fetched and returned, allowing an attacker to escape to arbitrary files on the server. Public sources in the connected docs cons...
PT-2020-19771 · Browserless · Browserless-Chrome
Name of the Vulnerable Software and Affected Versions: browserless-chrome versions prior to 1.43.0 Description: The issue affects browserless-chrome, where user input from the "workspace endpoint" is used to create a file path filePath. This filePath is then fetched and sent back to the user,...
Brave Android 1.16.68 Security Fixes
Fixed file-path for cookies as reported on HackerOne by kanytu. - Encrypted private wallet data preferences for Brave Rewards...
Directory Traversal
superstatic is vulnerable to directory traversal. Lack of validation in the file path allows a user to access system files through the path name using the ../ characters...
Huawei EulerOS: Security Advisory for perl-File-Path (EulerOS-SA-2020-2203)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.2 : perl-File-Path (EulerOS-SA-2020-2203)
According to the version of the perl-File-Path package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attackers to set th...
Mail.ru: Obtaining the local path to a file [geekbrains.ru]
Verbose error output was enabled on lms-beta.geekbrains.ru...
The vulnerability of the WildFly application server in Java, caused by synchronization errors when using a shared resource, allows attackers to terminate arbitrary processes in the system.
The vulnerability of the WildFly application server in Java is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to terminate arbitrary processes in the system by modifying the PID file located at /var/run/jboss-eap/...
HyperComments <= 1.2.2 - Unauthenticated Arbitrary File Deletion
The plugin does not validate and sanitise user input which is being concatenated to create a file path, passed to unlink, which leads to an arbitrary file deletion issue. For more details about this issue, please see the reference. PoC File: hypercomments/hypercomments.php:112 $filename =...
pcp: Local privilege escalation in pcp spec file %post section
An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...
Huawei EulerOS: Security Advisory for perl-File-Path (EulerOS-SA-2020-2048)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-File-Path (EulerOS-SA-2020-2048)
According to the version of the perl-File-Path package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Race condition in the rmtree and removetree functions in the File-Path module before 2.13 for Perl allows attacker...
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2020-2119)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2020-2139)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause...
Directory Traversal
static-server-gx is vulnerable to directory traversal. The vulnerability exists as it does not validate the file path for input such as ../, allowing the escape from the target root directory...
Vertiv UPS Management Module FTP Service Arbitrary File Modification Vulnerability
Vertiv Technologies Limited (Vertiv) was founded in 2000. Vertiv designs, manufactures and provides services for critical infrastructure equipment to keep data centers, communication networks, commercial and industrial facilities running well, and provides power supply and distribution, thermal...
Sinter - A User-Mode Application Authorization System For MacOS Written In Swift
Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter...