Lucene search

55 matches found

NVD
added 2022/02/24 5:15 p.m., 7 views

CVE-2022-22793

Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to: /manage/mailpolicymtm/log/emlviewer/email.content.body.php?filesystempath=ENCODED PATH and by doing that, the attacker can read Local Files inside the server...

CVSS 7.5, EPSS 0.00305
Exploits: 0, References: 1
CNNVD
added 2022/02/24 12:0 a.m., 2 views

Cybonet PineApp Mail Secure Security Vulnerability

Cybonet PineApp Mail Secure is a product from Israel's Cybonet that blocks most malicious email threats at the network perimeter while providing a range of additional options for comprehensive security and message control. Cybonet PineApp Mail Secure Relay suffers from a security vulnerability that can b...

CVSS 7.5, AI score 7.3, EPSS 0.00305
Exploits: 0, References: 2
OSV
added 2022/01/28 8:15 p.m., 2 views

CVE-2021-40338

Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24;...

CVSS 5.3, AI score 5.8
Exploits: 0, References: 1
Prion
added 2022/01/11 8:15 p.m., 14 views

Unrestricted file upload

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file...

CVSS 6.5, AI score 8.3, EPSS 0.00827
Exploits: 0, References: 3, Affected Software: 1
OPENSUSE Linux
added 2021/12/14 12:0 a.m., 13 views

Security update for icu.691 (important)

openSUSE Security Update: Security update for icu.691 Announcement ID: openSUSE-SU-2021:4063-1 Rating: important References: 1158955 1159131 1161007 1162882 1167603 1182252 1182645 SLE-17893 Affected Products: openSUSE Leap 15.3 An update that contains security fixes and contains one feature can...

AI score 7.5
Exploits: 0
Huntr
added 2021/06/25 10:53 a.m., 7 views

in hascheksolutions/opentrashmail

Description: Attackers can control the filesystem path argument to readfile at api.php line 35 for ?email= parameter, which allows them to access or modify otherwise protected files. Analysis Trace: 1. application takes unsanitized input at: `$email = strtolower($_REQUEST['email']);` 2. Assigning user...

AI score 2.5
Exploits: 0, References: 1
RedHat Linux
added 2019/08/08 5:9 p.m., 1 views

libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning

It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system...

CVSS 9.8, AI score 6, EPSS 0.92343
Exploits: 10, References: 5
OSV
added 2019/06/27 5:15 p.m., 0 views

CVE-2018-17460

Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 2
CVE
added 2018/11/07 5:0 a.m., 2370 views

CVE-2018-19052

The CVE-2018-19052 issue affects lighttpd’s mod_alias_physical_handler (mod_alias.c): when a configured alias lacks a trailing '/' but the target path has one, there is potential directory traversal to the parent of the alias target. Public advisories confirm this vulnerability across multiple di...

CVSS 7.5, AI score 7.3, EPSS 0.57123
Exploits: 1, References: 3, Affected Software: 1
Veracode
added 2018/09/06 1:41 a.m., 11 views

Information Disclosure

insert-module-globals is vulnerable to information disclosure attacks. The vulnerability exists as the full filesystem path to the is-buffer module can be exposed in the bundle...

AI score 6.2
Exploits: 0
RedHat Linux
added 2016/11/03 8:7 a.m., 36 views

Moderate: Red Hat Security Advisory: libvirt security, bug fix, and enhancement update

An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8, AI score 6.7, EPSS 0.02119
Exploits: 0, References: 230
n0where
added 2016/08/04 2:55 a.m., 22 views

OS X Forensic Evidence Collection: OSXCollector

Forensic Collection: The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system. Forensic Analysis...

AI score 6.5
Exploits: 0, References: 1
Tenable Nessus
added 2013/07/12 12:0 a.m., 17 views

Fedora 18 : cgit-0.9.2-1.fc18 (2013-9498)

A directory traversal vulnerability was discovered in cgit. By default, cgit is not affected. However, if cgit is configured to use a readme file from a filesystem path instead of from the git repo itself then files outside of the repository can be read. Refer to the discussion on oss-security fo...

CVSS 4.3, AI score 8.1, EPSS 0.00462
Exploits: 0, References: 4
Tenable Nessus
added 2013/06/05 12:0 a.m., 24 views

Fedora 19 : cgit-0.9.2-1.fc19 (2013-9467)

A directory traversal vulnerability was discovered in cgit. By default, cgit is not affected. However, if cgit is configured to use a readme file from a filesystem path instead of from the git repo itself then files outside of the repository can be read. Refer to the discussion on oss-security fo...

CVSS 4.3, AI score 8.1, EPSS 0.00462
Exploits: 0, References: 4
Metasploit
added 2012/07/05 6:58 p.m., 22 views

Tiki Wiki unserialize() PHP Code Execution

This module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to...

CVSS 9.8, AI score 9.7, EPSS 0.77945
Exploits: 12