49 matches found
CVE-2025-54141
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...
UBUNTU-CVE-2025-54141
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...
CVE-2025-54141 ViewVC's standalone server exposes arbitrary server filesystem content
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...
CVE-2025-54141
ViewVC’s standalone server (standalone.py) is vulnerable to a directory-traversal style attack that can expose the host filesystem. Affected releases are ViewVC 1.1.0–1.1.31 and 1.2.0–1.2.3; the issue is fixed in 1.1.31 and 1.2.4. Impact is described as exposure of arbitrary filesystem content; n...
CVE-2025-54141 ViewVC's standalone server exposes arbitrary server filesystem content
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...
viewvc -- Arbitrary server filesystem content
cmpilato reports: The ViewVC standalone web server standalone.py is a script provided in the ViewVC distribution for the purposes of quickly testing a ViewVC configuration. This script can in particular configurations expose the contents of the host server's filesystem though a directory...
CVE-2023-51661
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...
CVE-2019-6670
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the runsc process, which has "root-like" permissions. An attacker can expose files on the underlying filesystem by escalating privileges before a project is forked. Remediation Upgrade...
CVE-2024-50310
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 6GK7543-1AX10-0XE0 All versions = V4.0.44 V4.0.50. Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem...
GHSA-2CCP-VQMV-4R4X S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends
Impact Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to authenticated clients. Patches Upgrade to S3Proxy 2.6.0 which includes apache/jclouds@b0819e0ef5e08c792a4d1724b938714ce9503aa3 and 86b6ee4749aa163a78e7898efc063617ed171980. Workarounds...
PT-2024-36531
Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 version 3.40.0.4 Description The issue is caused by an arbitrary system path lookup feature, allowing any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the problem resides in the...
CVE-2023-40338
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system...
Siemens Teamcenter
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
Jenkins 安全漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Metrics Plugin in version 4.0.2.8 and earlier is vulnerable to an authorization issue that stems from an unencrypt...
CVE-2021-44232
SAF-T Framework Transaction SAFTNG allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server...
runc: vulnerable to symlink exchange attack
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...
CVE-2020-27403
A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 tha...
CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...
CVE-2017-16183
iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...