2133 matches found

CVE
added 2024/05/24 1:46 p.m. · 74 views

CVE-2024-5273

CVE-2024-5273: Affects Jenkins Report Info Plugin up to version 1.2. Root cause is lack of workspace path validation when serving report files. Attackers with Item/Configure permission can edit the workspace path to read Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors from...

4.3 CVSS · 6.6 AI score · 0.00831 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/05/24 1:46 p.m. · 34 views

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

6.3 AI score · 0.00831 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/05/24 1:46 p.m. · 28 views

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

6.7 AI score · 0.00831 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/24 12:00 a.m. · 4 views

Jenkins Plugin Report Info Security Vulnerability

Jenkins and Jenkins Plugin are both open source products of Jenkins. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software ... A security...

4.3 CVSS · 4.8 AI score · 0.00831 EPSS
Exploits 0 · References 3

NVD
added 2024/05/23 6:15 a.m. · 19 views

CVE-2024-4388

This does not validate a path generated with user input when downloading files, allowing an unauthenticated user to download arbitrary files from the server...

7.5 CVSS · 6.7 AI score · 0.00719 EPSS
Exploits 1 · References 1

CVE
added 2024/05/23 6:00 a.m. · 87 views

CVE-2024-4388

CVE-2024-4388 affects the WordPress CAS plugin (versions <= 1.0.0). The vulnerability arises from a failure to validate a user-supplied path when downloading files, enabling an unauthenticated attacker to download arbitrary server files via endpoints like download.php?path=.... Several connect...

7.5 CVSS · 7.6 AI score · 0.00719 EPSS
Exploits 1 · References 1

OSV
added 2024/05/21 7:15 a.m. · 3 views

CVE-2024-4442

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete...

9.1 CVSS · 6.2 AI score · 0.01236 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/05/16 12:00 a.m. · 6 views

PT-2024-38572 · Bit Form · The Contact Form By Bit Form

Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to insufficient file path validation in multiple functions, allowing authenticated attackers with Administrator-level access and above to read and dele...

9 CVSS · 7.3 AI score · 0.01025 EPSS
Exploits 0 · References 16

Positive Technologies
added 2024/05/07 12:00 a.m. · 3 views

PT-2024-30585 · WordPress · Startklar Elementor Addons

Name of the Vulnerable Software and Affected Versions: Startklar Elementor Addons plugin for WordPress versions up to, and including, 1.7.13 Description: The issue arises from the plugin not properly validating the path of an uploaded file prior to deleting it, making it possible for...

9.1 CVSS · 8.1 AI score · 0.01522 EPSS
Exploits 0 · References 6

OSV
added 2024/05/03 3:16 a.m. · 2 views

CVE-2023-51603

Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerabili...

8.8 CVSS · 6.2 AI score · 0.01572 EPSS
Exploits 0 · References 1

OSV
added 2024/05/03 3:15 a.m. · 3 views

CVE-2023-40498

LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...

9.8 CVSS · 6.3 AI score · 0.82964 EPSS
Exploits 3 · References 1

ATTACKERKB
added 2024/05/03 3:15 a.m. · 2 views

CVE-2023-40498

LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...

9.8 CVSS · 7.9 AI score · 0.82964 EPSS
Exploits 3 · References 3

OSV
added 2024/05/03 3:15 a.m. · 3 views

CVE-2023-39459

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in...

7.8 CVSS · 5.9 AI score · 0.00954 EPSS
Exploits 0 · References 2

OSV
added 2024/05/03 2:15 a.m. · 1 view

CVE-2023-34298

Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target...

7.8 CVSS · 6.2 AI score · 0.0097 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/03 12:00 a.m. · 4 views

A10 Networks Thunder ADC Security Vulnerability

A10 Networks Thunder ADC is an application distribution/load balancer from A10 Networks that provides high performance. A10 Networks Thunder ADC has a security vulnerability that originates from failure to properly validate user-supplied paths before using them, a directory traversal and...

6.5 CVSS · 6.2 AI score · 0.02389 EPSS
Exploits 1 · References 4

CNNVD
added 2024/05/03 12:00 a.m. · 5 views

LG Simple Editor Security Vulnerability

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...

9.8 CVSS · 8.1 AI score · 0.02388 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/03 12:00 a.m. · 5 views

A10 Networks Thunder ADC Security Vulnerability

A10 Networks Thunder ADC is an application distribution/load balancer from A10 Networks that provides high performance. A10 Networks Thunder ADC has a security vulnerability that originates from failure to properly validate user-supplied paths before using them, a directory traversal and arbitrar...

8.8 CVSS · 8.3 AI score · 0.02066 EPSS
Exploits 1 · References 4

CNNVD
added 2024/05/03 12:00 a.m. · 2 views

Pulse Secure Client Security Vulnerability

Pulse Secure Client is a suite of client software from Pulse Secure USA for end devices that access the Pulse Secure gateway. A security vulnerability exists in Pulse Secure Client that stems from failure to properly validate a user-supplied path before using it in a file operation, allowing a...

7.8 CVSS · 7.4 AI score · 0.0097 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/03 12:00 a.m. · 9 views

Honeywell Saia PG5 Controls Suite Security Vulnerability

Honeywell Saia PG5 Controls Suite is a control system software for industrial automation and building automation from Honeywell USA. A security vulnerability exists in Honeywell Saia PG5 Controls Suite that originates from failure to properly validate a user-supplied path before using it in a fil...

8.8 CVSS · 7.6 AI score · 0.01572 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/03 12:00 a.m. · 8 views

LG Simple Editor Security Vulnerability

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...

9.8 CVSS · 8.1 AI score · 0.82964 EPSS
Exploits 3 · References 2