2131 matches found
PT-2023-27491 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this issue, the...
GHSA-44WR-RMWQ-3PHW Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Summary Bypassing the validatePath function can lead to potential Remote Code Execution Post-authentication, ALLOWADMINCHANGES=true Details In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...
PT-2023-4408 · Triangle Microworks · Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to create arbitrary files on affected installations. User interaction is required, where the target must visit a malicious...
CLSA-2023-1691083477 Fix CVE(s): CVE-2021-25329, CVE-2022-23181, CVE-2020-9484
SECURITY UPDATE: Remote Code Execution via session persistence - debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore. - CVE-2020-9484 SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete - debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases...
CVE-2023-26441
Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...
CVE-2023-26441
Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...
Input validation
Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...
CVE-2023-26441
CVE-2023-26441 affects the Open-Xchange AppSuite Cacheservice. An attacker with database access or on a local/restricted network could read arbitrary local files accessible by the service user due to improper validation of relative cache object paths. The issue is addressed by improved path valid...
PT-2023-20634 · Unknown · Cacheservice
Name of the Vulnerable Software and Affected Versions: Cacheservice affected versions not specified Description: The issue arises from the Cacheservice not correctly checking if relative cache objects point to the defined absolute location when accessing resources. This allows an attacker with...
CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394 Keysight N6845A Relative Path Traversal
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394
In CVE-2023-34394, Keysight Geolocation Server versions up to v2.4.2 are affected by a path validation issue that allows an attacker to upload a crafted malicious file or delete files/directories with SYSTEM privileges. The underlying root cause is improper path validation, enabling local privile...
Keysight Technologies N6854A Geolocation server 代码问题漏洞
Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies, Inc. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which stems from improper path validation and allows an attacker to upload a specially crafted malicio...
PT-2023-3574 · Keysight · Keysight Geolocation Server
Name of the Vulnerable Software and Affected Versions: Keysight Geolocation Server versions 2.4.2 and prior Description: The issue is related to improper path validation, which could allow an attacker to upload a specially crafted malicious file or delete any file or directory with SYSTEM...
Code injection
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...
Path Traversal
froxlor/froxlor is vulnerable to Path Traversal. The vulnerability exists due to a lack of file path validation in adminautoupdate.php, which allows an attacker to access files outside the expected directory and read arbitrary files through relative paths such as \..filename...
CVE-2023-35145
Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...
PT-2023-24794 · Pulse Secure · Pulse Secure Client
Name of the Vulnerable Software and Affected Versions: Pulse Secure Client affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged co...
CVE-2023-2749
Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected...