707 matches found
CVE-2021-32482
CVE-2021-32482 affects Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x. Multiple connected sources describe a Cross‑Site Scripting (XSS) vulnerability exploitable via a path parameter. The root cause is an XSS condition in the path handling of Cloudera Manager; explicit exploit details, affect...
CVE-2021-33800
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal...
CVE-2021-23624
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...
Type confusion
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays...
Alibaba Druid path traversal vulnerability
Alibaba Druid is an open source database connection pool for monitoring and control, produced by the DataWorks team, an Alibaba cloud computing platform. A security vulnerability exists in Alibaba Druid version 1.2.3, which stems from the software's lack of effective filtering and restriction of...
RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...
CVE-2020-36377
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1 which allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-26707
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...
CVE-2020-36379
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1 which allows attackers to execute arbitrary code via the filePath parameters...
Shenzhim Aaptjs OS command injection vulnerability
aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the packageCmd function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...
Shenzhim Aaptjs OS command injection vulnerability
aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the list function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...
CVE-2020-36486
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...
CVE-2020-23042
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the list and download module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...
CVE-2020-23061
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the list and download module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command...
CVE-2020-23038
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables...
Information disclosure
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables...
Directory traversal
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the list and download module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command...
Cross site scripting
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...