707 matches found
CVE-2020-21485
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to execute arbitrary code via the path parameter in the browse board component...
PT-2023-11589 · Alluxio · Alluxio
Name of the Vulnerable Software and Affected Versions: Alluxio version 1.8.1 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the path parameter in the "browse board component". Recommendations: For Alluxio version 1.8.1, consider restricting access...
Alluxio Cross-Site Scripting Vulnerability
Alluxio is Alluxio's to increase the speed of end-to-end distributed machine learning in the cloud. A cross-site scripting (XSS) vulnerability exists in Alluxio version v.1.8.1, which can be exploited by a remote attacker to execute arbitrary code via the path parameter in the browseboard component...
CVE-2023-3239
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be...
Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting
PYSEC-2023-70
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow version v2.0.1 and earlier versions. An attacker exploiting this vulnerability can read arbitrary files on the server via the path parameter...
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
http_server Cross-Site Scripting Vulnerability
httpserver is an HTTP server utility class. A cross-site scripting (XSS) vulnerability exists in Dart httpserver 0.9.5 and earlier versions, which stems from the request.uri.path parameter...
Ruijie Networks RG-EG Series Routers Command Injection Vulnerability
Ruijie Networks RG-EG Series Routers is a gateway product from Ruijie Networks China. A security vulnerability exists in Ruijie Networks RG-EW1200 Wireless Routers version EW3.01B11P204, which was discovered to contain a command injection vulnerability via the params.path parameter of the...
MuYuCMS Path Traversal Vulnerability
MuYuCMS is a lightweight open source content management system. A path traversal vulnerability exists in MuYuCMS version 2.2; it stems from an incorrect operation on the filepath parameter, which leads to path traversal...
SUSE CVE-2006-2871
PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter. NOTE: CVE disputes this issue, since $scriptpath is set to a constant value...
SUSE CVE-2016-5253
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link...
CVE-2022-3568
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...
The vulnerability of the PostgreSQL database management system, related to an uncontrolled search path element, allows a perpetrator to enhance their privileges and execute arbitrary commands.
The vulnerability of the PostgreSQL database management system is related to an uncontrolled element in the search path processing when handling the searchpath parameter. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary commands...
PT-2022-27435 · Wso2 · Wso2 Carbon-Registry
Name of the Vulnerable Software and Affected Versions: WSO2 carbon-registry versions up to 4.8.6 Description: A vulnerability has been found in WSO2 carbon-registry, affecting an unknown part of the component Request Parameter Handler. The manipulation of the argument...
CVE-2022-39802
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can b...