409 matches found
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
The vulnerability of the Cisco Wireless LAN Controller’s web interface allows a perpetrator to disclose protected information.
The vulnerability of the Cisco Wireless LAN Controller web interface is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
PT-2018-3182 · Neomutt +4 · Neomutt +4
Name of the Vulnerable Software and Affected Versions: NeoMutt versions prior to 2018-07-16 Description: An issue exists due to the improper restriction of '/' characters in the newsrc.c component, potentially leading to unsafe interactions with cache pathnames. This could allow a remote attacker...
CVE-2018-1306
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...
Damon Database Override Access Vulnerability
DM7 is a new-generation database product designed by Damon on the basis of summarizing the R&D and application experience of DM series products, absorbing the advantages of mainstream database products, and adopting JAVA-like virtual machine technology. Damon database has override access...
The vulnerability of the Apache Tomcat application server’s HTTP/2 implementation allows attackers to bypass security checks.
The vulnerability of the Apache Tomcat application server that implements HTTP/2 exists due to an incorrect path limitation for the directory with restricted access. Exploiting this vulnerability allows a malicious actor to bypass security checks by using a specially crafted URL link...
Exploit for Code Injection in Samba
SambaCry RCE exploit for Samba 4.5.9 !Docker Pullshttps:/...
The vulnerability of the Security SiteProtector System, a website security protection system, allows a hacker to write arbitrary files.
The vulnerability of the Security SiteProtector System’s security protection mechanism exists due to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to remotely write arbitrary files...
The vulnerability of the Business Process Manager system allows a perpetrator to read arbitrary files.
The vulnerability of the Business Process Manager system exists due to an incorrect restriction on the name of the path leading to the restricted access catalog. Exploiting this vulnerability allows a malicious actor, operating remotely, to read arbitrary files using a specially crafted URL...
PI Engine Arbitrary File Read Vulnerability
PI Engine is an open source CMS system. The /browser.php page of PI Engine is used to provide file browsing functionality, which has flaws in checking file types and also does not correctly restrict file paths, allowing attackers to construct paths to access files in any directory...
chromium-browser: android downloaded file path restriction bypass
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors...
The vulnerability of the Debian GNU/Linux operating system, which allows a hacker to read arbitrary files
The vulnerability of the wiki.c function in DidiWiki’s kernel is related to deficiencies in pathname restrictions for the catalog. Exploiting this vulnerability could allow a malicious actor to read arbitrary files through the api/page/get parameter...
The vulnerability in the web application for data synchronization with ownCloud allows a hacker to read the list of directory contents or cause a service failure.
The vulnerability of the web application for syncing data with ownCloud exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to read the content of the directories or cause service failures by manipulating the...
ZTE ZXHN H108N R1A Arbitrary File Read Vulnerability
The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. The webproc cgi module in ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE fails to properly restrict Restricted Directory pathnames, which allows remote attackers to exploit the vulnerability to read arbitrary files on...
The vulnerability of the Moodle learning management system allows a hacker to access and read arbitrary files.
The vulnerability of the mingetslashargument function in the lib/configonlylib.php component of the Moodle learning management system exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files...
The vulnerability of the NetCharts Server data visualization platform allows a hacker to write arbitrary files.
The vulnerability in the saveFile.jsp file of the NetCharts Server deployment tool exists due to an incorrect restriction on the path name for the restricted access directory. Exploiting this vulnerability allows a malicious actor to write any files they desire...
[SECURITY] [DLA 202-1] wesnoth-1.8 security update
Package : wesnoth-1.8 Version : 1:1.8.5-1+deb6u1 CVE ID : CVE-2015-0844 Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary files in the users home directory if malicious campaigns/maps are loaded. For the...
Debian: Security Advisory (DSA-3218-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple Vulnerabilities in UberFire Framework
UberFire Framework is a rich client platform architecture software. The software supports high-availability deployments. An arbitrary code execution and file read vulnerability exists in UberFire Framework version 0.3.x, which stems from the program failing to properly restrict paths. A remote...
CVE-2014-8114
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...