Lucene search
K

409 matches found

UbuntuCve
UbuntuCve
added 2019/03/27 1:29 p.m.32 views

CVE-2019-3828

Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...

4.2CVSS6.8AI score0.00522EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/01/15 12:0 a.m.5 views

The vulnerability of the Cisco Wireless LAN Controller’s web interface allows a perpetrator to disclose protected information.

The vulnerability of the Cisco Wireless LAN Controller web interface is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

6.8CVSS6.7AI score0.04638EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2018/07/16 12:0 a.m.3 views

PT-2018-3182 · Neomutt +4 · Neomutt +4

Name of the Vulnerable Software and Affected Versions: NeoMutt versions prior to 2018-07-16 Description: An issue exists due to the improper restriction of '/' characters in the newsrc.c component, potentially leading to unsafe interactions with cache pathnames. This could allow a remote attacker...

9.8CVSS6.5AI score0.09694EPSS
Exploits4References164
OSV
OSV
added 2018/06/27 6:29 p.m.3 views

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

7.5CVSS5.9AI score0.43895EPSS
Exploits5References2
CNVD
CNVD
added 2018/02/05 12:0 a.m.3 views

Damon Database Override Access Vulnerability

DM7 is a new-generation database product designed by Damon on the basis of summarizing the R&D and application experience of DM series products, absorbing the advantages of mainstream database products, and adopting JAVA-like virtual machine technology. Damon database has override access...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/09/13 12:0 a.m.6 views

The vulnerability of the Apache Tomcat application server’s HTTP/2 implementation allows attackers to bypass security checks.

The vulnerability of the Apache Tomcat application server that implements HTTP/2 exists due to an incorrect path limitation for the directory with restricted access. Exploiting this vulnerability allows a malicious actor to bypass security checks by using a specially crafted URL link...

5CVSS7.2AI score0.1014EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2017/05/26 12:58 a.m.114 views

Exploit for Code Injection in Samba

SambaCry RCE exploit for Samba 4.5.9 !Docker Pullshttps:/...

10CVSS9.3AI score0.99448EPSS
Exploits24
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.5 views

The vulnerability of the Security SiteProtector System, a website security protection system, allows a hacker to write arbitrary files.

The vulnerability of the Security SiteProtector System’s security protection mechanism exists due to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to remotely write arbitrary files...

5.5CVSS5.6AI score0.01362EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.7 views

The vulnerability of the Business Process Manager system allows a perpetrator to read arbitrary files.

The vulnerability of the Business Process Manager system exists due to an incorrect restriction on the name of the path leading to the restricted access catalog. Exploiting this vulnerability allows a malicious actor, operating remotely, to read arbitrary files using a specially crafted URL...

4CVSS5.6AI score0.02917EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/05/11 12:0 a.m.2 views

PI Engine Arbitrary File Read Vulnerability

PI Engine is an open source CMS system. The /browser.php page of PI Engine is used to provide file browsing functionality, which has flaws in checking file types and also does not correctly restrict file paths, allowing attackers to construct paths to access files in any directory...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/04/18 7:25 a.m.4 views

chromium-browser: android downloaded file path restriction bypass

The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors...

7.5CVSS7.4AI score0.01462EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2016/04/14 12:0 a.m.4 views

The vulnerability of the Debian GNU/Linux operating system, which allows a hacker to read arbitrary files

The vulnerability of the wiki.c function in DidiWiki’s kernel is related to deficiencies in pathname restrictions for the catalog. Exploiting this vulnerability could allow a malicious actor to read arbitrary files through the api/page/get parameter...

5CVSS7.3AI score0.03534EPSS
Exploits0References9Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/11/20 12:0 a.m.7 views

The vulnerability in the web application for data synchronization with ownCloud allows a hacker to read the list of directory contents or cause a service failure.

The vulnerability of the web application for syncing data with ownCloud exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to read the content of the directories or cause service failures by manipulating the...

7.5CVSS5.5AI score0.02627EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/11/15 12:0 a.m.4 views

ZTE ZXHN H108N R1A Arbitrary File Read Vulnerability

The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. The webproc cgi module in ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE fails to properly restrict Restricted Directory pathnames, which allows remote attackers to exploit the vulnerability to read arbitrary files on...

7.8CVSS9.2AI score0.1554EPSS
Exploits4References1
BDU FSTEC
BDU FSTEC
added 2015/08/07 12:0 a.m.6 views

The vulnerability of the Moodle learning management system allows a hacker to access and read arbitrary files.

The vulnerability of the mingetslashargument function in the lib/configonlylib.php component of the Moodle learning management system exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to read arbitrary files...

6.8CVSS5.6AI score0.02638EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/06/18 12:0 a.m.6 views

The vulnerability of the NetCharts Server data visualization platform allows a hacker to write arbitrary files.

The vulnerability in the saveFile.jsp file of the NetCharts Server deployment tool exists due to an incorrect restriction on the path name for the restricted access directory. Exploiting this vulnerability allows a malicious actor to write any files they desire...

10CVSS5.5AI score0.07156EPSS
Exploits1References3
Debian
Debian
added 2015/04/17 5:39 p.m.16 views

[SECURITY] [DLA 202-1] wesnoth-1.8 security update

Package : wesnoth-1.8 Version : 1:1.8.5-1+deb6u1 CVE ID : CVE-2015-0844 Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary files in the users home directory if malicious campaigns/maps are loaded. For the...

5CVSS5.8AI score0.02322EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/04/09 12:0 a.m.18 views

Debian: Security Advisory (DSA-3218-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.02322EPSS
Exploits0References3
CNVD
CNVD
added 2015/02/27 12:0 a.m.5 views

Multiple Vulnerabilities in UberFire Framework

UberFire Framework is a rich client platform architecture software. The software supports high-availability deployments. An arbitrary code execution and file read vulnerability exists in UberFire Framework version 0.3.x, which stems from the program failing to properly restrict paths. A remote...

6.8CVSS8.1AI score0.03101EPSS
Exploits0References1
NVD
NVD
added 2015/02/20 4:59 p.m.23 views

CVE-2014-8114

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...

6.8CVSS7.4AI score0.03101EPSS
Exploits0References4
Rows per page
Query Builder