773 matches found

NVD
added 2024/03/18 9:15 p.m., 15 views

CVE-2024-23333

LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows arbitrary paths to be specified for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...

CVSS 7.9, AI score 7.8, EPSS 0.17868
Exploits: 0, References: 2
OSV
added 2024/03/18 9:15 p.m., 4 views

DEBIAN-CVE-2024-23333

LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows arbitrary paths to be specified for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...

CVSS 6.6, AI score 7.7, EPSS 0.17868
Exploits: 0, References: 1
BDU FSTEC
added 2024/03/15 12:00 a.m., 3 views

The vulnerability of the IBM Cloud Pak for Data analysis and management platform (CP4D) arises from improper external control of file names or paths. This allows attackers to modify arbitrary files or data within the system.

The vulnerability of the IBM Cloud Pak for Data analysis and management platform (CP4D) is related to improper external control of file names or paths. Exploiting this vulnerability could allow an attacker to modify arbitrary files or data within the system...

CVSS 4.2, AI score 5.6, EPSS 0.0024
Exploits: 0, References: 4, Affected software: 1
Vulnrichment
added 2024/02/20 1:31 a.m., 19 views

CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should only be used as the last character of a file path. For example, --allow-fs-read=/home/node/.ssh/*.pub will ignore "pub" and give access to everything after .ssh/. This misleading documentation affects all users...

CVSS 5, AI score 5, EPSS 0.00945
Exploits: 0, References: 3
Cvelist
added 2024/02/20 1:31 a.m., 28 views

CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should only be used as the last character of a file path. For example, --allow-fs-read=/home/node/.ssh/*.pub will ignore "pub" and give access to everything after .ssh/. This misleading documentation affects all users...

CVSS 5, AI score 5.9, EPSS 0.00945
Exploits: 0, References: 3
Veracode
added 2024/02/12 6:54 a.m., 21 views

Arbitrary File Write

github.com/hashicorp/nomad is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of symlinks by the template renderer. The attacker can manipulate file paths and write arbitrary files to the host system...

CVSS 7.7, AI score 6.9, EPSS 0.00617
Exploits: 0, References: 5, Affected software: 1
OSV
added 2024/02/05 10:15 p.m., 2 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress functions in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVSS 5.3, AI score 5.9
Exploits: 0, References: 4
NVD
added 2024/02/05 10:15 p.m., 33 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress functions in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVSS 5.3, AI score 4.7, EPSS 0.00615
Exploits: 0, References: 4
Cvelist
added 2024/02/05 9:21 p.m., 38 views

CVE-2023-4637 WPvivid <= 0.9.94 - Missing Authorization

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress functions in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

CVSS 4.3, AI score 5.4, EPSS 0.00615
Exploits: 0, References: 4
WPVulnDB
added 2024/01/26 12:00 a.m., 17 views

WPvivid < 0.9.95 - Missing Authorization

Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress functions, making it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID...

CVSS 5, AI score 6.6, EPSS 0.00615
Exploits: 0, References: 1, Affected software: 1
NVD
added 2024/01/22 3:15 p.m., 38 views

CVE-2020-36772

CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...

CVSS 4.4, AI score 4.7, EPSS 0.00378
Exploits: 3, References: 4
CVE
added 2024/01/22 2:11 p.m., 62 views

CVE-2020-36772

CloudLinux CageFS CVE-2020-36772 affects CageFS 7.0.8-2 and earlier, where file paths given to the sendmail proxy command are not sufficiently restricted. This enables local users to read/write arbitrary files outside the CageFS environment. The vulnerability is triggered by insufficient path val...

CVSS 4.4, AI score 4.7, EPSS 0.00378
Exploits: 3, References: 4, Affected software: 1
CNNVD
added 2024/01/08 12:00 a.m., 4 views

WordPress Plugin Clone Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 7.5, AI score 6.6, EPSS 0.01961
Exploits: 2, References: 2
CNNVD
added 2024/01/03 12:00 a.m., 3 views

HCL Technologies DRYiCE MyXalytics Path Traversal Vulnerability

HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics that stems from certain endpoints that allow a user to manipulate the path, including the filename, where these files are...

CVSS 9.8, AI score 6.7, EPSS 0.00997
Exploits: 0, References: 2
Ubuntu
added 2023/12/14 3:56 p.m., 120 views

USN-6556-1: Budgie Extras vulnerabilities

It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. (CVE-2023-49342, CVE-2023-49343, CVE-2023-49347) Matthias Gerstner discovered that Budgie Extras incorrectl...

CVSS 7.8, AI score 7.4, EPSS 0.00303
Exploits: 0
OSV
added 2023/12/14 3:56 p.m., 2 views

USN-6556-1 budgie-extras vulnerabilities

It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. (CVE-2023-49342, CVE-2023-49343, CVE-2023-49347) Matthias Gerstner discovered that Budgie Extras incorrectl...

CVSS 7.8, AI score 6, EPSS 0.00303
Exploits: 0, References: 7
Elastic
added 2023/12/12 5:23 p.m., 4 views

Kibana 8.11.2, 7.17.16 Security Update (ESA-2023-27)

Kibana Insertion of Sensitive Information into Log File (ESA-2023-27). An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which...

CVSS 8, AI score 6.4, EPSS 0.00608
Exploits: 0
Positive Technologies
added 2023/12/12 12:00 a.m., 3 views

PT-2023-8930 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2
Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...

CVSS 8, AI score 6.4, EPSS 0.00608
Exploits: 0, References: 10
NVD
added 2023/11/30 6:15 p.m., 12 views

CVE-2023-6352

The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate...

CVSS 5.3, EPSS 0.01104
Exploits: 1, References: 5
Veracode
added 2023/11/17 11:05 a.m., 28 views

Path Traversal

Reactor Netty HTTP Server is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths. An attacker can access unauthorized files or directories by using crafted URLs...

CVSS 7.5, AI score 7, EPSS 0.01124
Exploits: 0, References: 2, Affected software: 1