768 matches found

OSV
added 2018/07/23 8:49 p.m. · 18 views

GHSA-3VG2-4QXC-CH4J Directory Traversal in unicorn-list

Affected versions of unicorn-list resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Examp...

CVSS 7.5 · AI score 7.4 · EPSS 0.00596
Exploits: 1 · References: 4

Github Security Blog
added 2018/07/23 8:49 p.m. · 16 views

Directory Traversal in simple-npm-registry

Affected versions of simple-npm-registry resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 7.5 · AI score 7.1 · EPSS 0.00596
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2018/07/23 8:48 p.m. · 31 views

Directory Traversal in commentapp.stetsonwood

Affected versions of commentapp.stetsonwood resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

CVSS 7.5 · AI score 7.1 · EPSS 0.00533
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2018/07/23 8:46 p.m. · 10 views

GHSA-VGJP-VH3C-32V3 Directory Traversal in mockserve

Affected versions of mockserve resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

CVSS 7.5 · AI score 7.4 · EPSS 0.00533
Exploits: 1 · References: 4

Github Security Blog
added 2018/07/23 8:45 p.m. · 20 views

Directory Traversal in looppake

Affected versions of looppake resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

CVSS 7.5 · AI score 7.1 · EPSS 0.00533
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2018/07/23 8:44 p.m. · 13 views

Directory Traversal in ewgaddis.lab6

Affected versions of ewgaddis.lab6 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 7.5 · AI score 7.1 · EPSS 0.00533
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2018/07/23 8:43 p.m. · 19 views

Directory Traversal in serverxxx

Affected versions of serverxxx resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

CVSS 7.5 · AI score 7.1 · EPSS 0.00533
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2018/07/23 8:40 p.m. · 17 views

Directory Traversal in getcityapi.yoehoehne

Affected versions of getcityapi.yoehoehne resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable syste...

CVSS 7.5 · AI score 7.1 · EPSS 0.00533
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2018/07/23 8:40 p.m. · 19 views

GHSA-79P8-4CWQ-RHQH Directory Traversal in jn_jj_server

Affected versions of jn_jj_server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

CVSS 7.5 · AI score 7.4 · EPSS 0.00533
Exploits: 1 · References: 4

OSV
added 2018/07/23 8:39 p.m. · 12 views

GHSA-QMHF-QG6F-PC4V Directory Traversal in fbr-client

Affected versions of fbr-client resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...

CVSS 7.5 · AI score 7.4 · EPSS 0.00533
Exploits: 1 · References: 4

CNVD
added 2018/07/05 12:0 a.m. · 1 views

PostgreSQL Backlink Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A backlink vulnerability exists in the Red Hat initialization scrip...

CVSS 7.2 · AI score 7.1 · EPSS 0.00042
Exploits: 0 · References: 1

RedHat Linux
added 2018/06/26 4:40 p.m. · 2 views

spark: Absolute and relative pathnames allow for unintended static file disclosure

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

CVSS 5.3 · AI score 5.9 · EPSS 0.00787
Exploits: 0 · References: 4

OSV
added 2018/06/11 9:29 p.m. · 2 views

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

CVSS 5.3 · AI score 7.3 · EPSS 0.00506
Exploits: 0 · References: 5

Positive Technologies
added 2018/06/07 12:0 a.m. · 2 views

PT-2018-16151 · 626 · 626

Name of the Vulnerable Software and Affected Versions: 626 versions all Description: The issue is related to a Path Traversal vulnerability due to the lack of validation of files, which allows a malicious user to read the content of any file with a known path. This enables a remote attacker to re...

CVSS 7.5 · AI score 7.2 · EPSS 0.00347
Exploits: 1 · References: 3

NVD
added 2018/06/06 8:29 p.m. · 25 views

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...

CVSS 7.2 · AI score 7 · EPSS 0.00647
Exploits: 0 · References: 1

OSV
added 2018/06/06 8:29 p.m. · 24 views

CVE-2018-1265

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego...

CVSS 7.2 · AI score 7.2 · EPSS 0.00647
Exploits: 0 · References: 1

Cloud Foundry
added 2018/06/05 12:0 a.m. · 36 views

CVE-2018-1265: Diego does not properly sanitize file paths in tar/zip files | Cloud Foundry

Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using diego-release versions prior to 2.8.0 You are using cf-deployment versions prior to v1.37.0 Description Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize fil...

CVSS 7.2 · AI score 7 · EPSS 0.00647
Exploits: 0

Prion
added 2018/05/02 1:29 p.m. · 19 views

Code injection

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access for example, any user when licensed for Appliance Mode, this allo...

CVSS 5.5 · AI score 5.3 · EPSS 0.00197
Exploits: 0 · References: 2 · Affected Software: 13

NVD
added 2018/05/02 1:29 p.m. · 27 views

CVE-2018-5519

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access for example, any user when licensed for Appliance Mode, this allo...

CVSS 5.5 · AI score 5.3 · EPSS 0.00197
Exploits: 0 · References: 2

Cvelist
added 2018/05/02 1:0 p.m. · 26 views

CVE-2018-5519

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access for example, any user when licensed for Appliance Mode, this allo...

AI score 5.3 · EPSS 0.00197
Exploits: 0 · References: 2