BIT-NODE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

RHEL 4 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - NetworkManager, wpasupplicant: Improper x509v3 certificate and key file paths sanitization CVE-2012-1096 Note that...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

Check Point Security Gateway RCE Exploit Tool CVE-2024-249...

Path Traversal

org.openapitools, openapi-generator-online is vulnerable to a Path Traversal. The vulnerability is due to unrestricted access to the outputFolder option, which allows attackers to manipulate file paths and potentially read or delete files and folders outside of the intended directory...

PT-2024-25515 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0 Description: An issue was discovered that allows Local File Inclusion LFI when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming...

Moderate: squashfs-tools security update

SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fixes: squashfs-tools: unvalidated filepaths allow writing outside of destination CVE-2021-40153 squashfs-tools: possible Directory Traversal via...

GHSA-VX97-8Q8Q-QGQ5 Mattermost's detailed error messages reveal the full file path

Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off which allows an attacker to get information about the server such as the full path were files are stored...

langchain vulnerable to path traversal

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory 'Path Traversal' in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to...

CVE-2024-1961

CVE-2024-1961 affects the open-source project vertaai/modeldb. The vulnerability is a path traversal flaw caused by improper sanitization of user-supplied file paths in the file upload flow, specifically in the NFSController.java and NFSService.java components. Attackers can manipulate the artifa...

Local File Inclusion (LFI)

gradio is vulnerable to a Local File Inclusion. This vulnerability is due to improper validation of user-supplied input in the UploadButton component, specifically in the handling of file paths during file uploads to the /queue/join endpoint, which allows attackers to read arbitrary files on the...

Path Traversal

github.com/mholt/archiver is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within tar archives, allowing an attacker to craft a tar file that, when unpacked, can access or modify files or directories outside of the intended directory...

Local File Inclusion

voila is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of file paths within app.py which allows an attacker to access readable files on the server's filesystem...

emacs: command injection vulnerability in htmlfontify.el

A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed...

CVE-2024-2635

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...

CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...

CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...

CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

DEBIAN-CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

The vulnerability of the IBM Cloud Pak for Data Analysis and Management platform, known as CP4D, arises from improper external management of file names or paths. This allows attackers to modify any arbitrary files or data within the system.

The vulnerability of the IBM Cloud Pak for Data Analysis and Management platform CP4D is related to improper external management of file names or paths. Exploiting this vulnerability could allow a attacker to modify any arbitrary files or data within the system...

CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...