Lucene search
K

65 matches found

OSV
OSV
added 2021/09/02 10:5 p.m.36 views

GHSA-9RJP-R58J-FXGQ Path traversal in elFinder.NetCore

This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...

8.6CVSS9.5AI score0.0167EPSS
Exploits0References5
OSV
OSV
added 2021/09/01 3:15 p.m.3 views

CVE-2021-23428

This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...

9.8CVSS7.3AI score0.0167EPSS
Exploits0References3
Prion
Prion
added 2021/09/01 3:15 p.m.18 views

Path traversal

This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...

7.5CVSS9.4AI score0.0167EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/09/01 2:30 p.m.38 views

CVE-2021-23428 Directory Traversal

This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...

8.6CVSS9.7AI score0.0167EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/09/01 2:29 p.m.1 views

CVE-2021-23428

This affects all versions of package elFinder.NetCore. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to escape the Files directory via path traversal...

9.8CVSS5.4AI score0.0167EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/01 12:0 a.m.4 views

elFinder 输入验证错误漏洞

elFinder is a set of Drupal-based platform , open source AJAX file manager . The product provides multiple file uploads, image scaling, and other features. A security vulnerability exists in all versions of elFinder.NetCore in Snyk. The vulnerability is due to a lack of checking of user input and...

9.8CVSS8.3AI score0.0167EPSS
Exploits0References2
Snyk
Snyk
added 2021/08/20 12:14 p.m.4 views

Directory Traversal

Overview elFinder.NetCore is a file manager for Web. Affected versions of this package are vulnerable to Directory Traversal. The Path.Combine... method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the generated path its possible to...

9.8CVSS7.5AI score0.0167EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/01/15 12:0 a.m.9 views

Mcafee McAfee Agent 授权问题漏洞

The McAfee McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator the antivirus management platform and managed products. A security vulnerability exists in McAfee Agent for Windows prior to 5.7.1, which stems from a lack o...

5.5CVSS6AI score0.00354EPSS
Exploits0References3
OSV
OSV
added 2020/10/07 7:15 p.m.2 views

UBUNTU-CVE-2020-15175

In GLPI before version 9.5.2, the ​pluginimage.send.php​ endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”...

9.1CVSS7.3AI score0.71352EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/10/07 12:0 a.m.10 views

PT-2020-14248 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue allows a user to specify an image from a plugin through the "pluginimage.send.php" endpoint. The parameters can be maliciously crafted to delete the .htaccess file for the files directory,...

10CVSS6.3AI score0.99628EPSS
Exploits32References128
Cvelist
Cvelist
added 2019/06/03 6:22 p.m.28 views

CVE-2019-3567

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permission...

8.1AI score0.0166EPSS
Exploits0References1
Prion
Prion
added 2019/01/10 2:29 p.m.14 views

Directory traversal

An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal...

6.4CVSS7.6AI score0.01536EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2017/04/12 12:0 a.m.228 views

Microsoft Office Suite Remote Code Execution Vulnerability (KB3178702)

This host is missing a critical update for Microsoft Office Suite according to Microsoft security update KB3178702. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

9.3CVSS8.1AI score0.99933EPSS
Exploits29References4
Drupal
Drupal
added 2016/03/16 12:0 a.m.17 views

Fast Autocomplete - Critical - DOS vulnerability - SA-CONTRIB-2016-016

This module enables you to show IMDB-like suggestions when entering terms into an input field using json files to "cache" suggestions making the autocomplete very fast. The module doesn't sufficiently validate the incoming language parameter in the request path when a json file of the module is...

7.1AI score
Exploits0References14
Prion
Prion
added 2015/05/12 7:59 p.m.19 views

Race condition

Race condition in Lenovo System Update formerly ThinkVantage System Update before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated...

6.9CVSS7.1AI score0.00269EPSS
Exploits0References4Affected Software1
Drupal
Drupal
added 2014/03/05 12:0 a.m.24 views

SA-CONTRIB-2014-029 - Mime Mail - Access Bypass

The MIME Mail module allows to send MIME-encoded e-mail messages with embedded images and attachments. By default the module only allows files to be embedded or attached that are located in the public files directory. The module doesn't sufficiently check the file location, considering similar...

7.3AI score
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2013/12/06 12:0 a.m.18 views

FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)

Drupal Security Team reports : Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 - Multiple vulnerabilities due to weakness in pseudorandom numb...

5.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/12/02 12:0 a.m.23 views

Nagios Looking Glass Addon for Nagios server/s3_download.php File Disclosure

The Nagios Looking Glass Addon for Nagios installed on the remote host is affected by a file disclosure vulnerability. By sending a specially crafted request to the Addon's 'server/s3download.php' script, a remote, unauthenticated attacker can leverage this vulnerability to obtain the contents of...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
added 2013/11/20 12:0 a.m.15 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Multiple vulnerabilities due to weakness in pseudorandom number...

0.6AI score
Exploits0References1
0day.today
0day.today
added 2010/10/28 12:0 a.m.20 views

Safe Returner 1.27.5 Commandline Vulnerability

Exploit for windows platform in category local exploits ============================================== Safe Returner 1.27.5 Commandline Vulnerability ============================================== Exploit Title : Commandline vulnerability Date : 27 Oct 2010 Author : STRELiTZIA Software : Safe...

6.8AI score
Exploits0
Rows per page
Query Builder