2131 matches found
CVE-2022-2638
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary files from the server...
USN-5546-2 openjdk-8 vulnerabilities
USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain...
USN-5546-1 openjdk-8, openjdk-lts, openjdk-17, openjdk-18 vulnerabilities
Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. CVE-2022-21449 It was discovered that OpenJDK incorrectly limited memo...
PT-2022-17393 · Enterprisedb · Enterprisedt Completeftp
Name of the Vulnerable Software and Affected Versions: EnterpriseDT CompleteFTP version 22.1.0 Server Description: This issue allows remote attackers to delete arbitrary files on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...
ownCloud: GitHub Security Lab (GHSL) Vulnerability Report: Insufficient path validation in ReceiveExternalFilesActivity.java (GHSL-2022-060)
The ownCloud Android app was found to have insufficient path validation in the ReceiveExternalFilesActivity activity, allowing attackers to read from and write to the application's internal storage. This could be exploited by uploading arbitrary files from the app's internal storage or by writing...
Sparklabs Viscosity code issue vulnerability
Sparklabs Viscosity is an OpenVPN client from Sparklabs Australia. A security vulnerability exists in Sparklabs Viscosity version 1.6.7 that stems from a path not being properly validated...
The vulnerability of the ImageCast X ballot marking device’s software lies in its lack of proper path validation when accessing restricted directories. This allows a perpetrator to execute arbitrary code.
The vulnerability of the ImageCast X ballot marking device’s software is related to deficiencies in checking the name of the path to the restricted-access catalog. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code using a specially created ballot file...
Air Transfer cross-site scripting vulnerability
Air Transfer is a file transfer application by Junsik Choi, a private developer. A security vulnerability exists in Air Transfer version 1.0.14/1.2.1, which stems from an insecure design of the validation of the path parameter located in the list and download modules and allows execution of...
PT-2022-23726 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.3.101 Description: This issue allows remote attackers to read arbitrary files on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...
GHSA-2CXG-448H-4WXJ Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
Jenkins Support Core Plugin did not validate the paths submitted for the "Delete Support Bundles" feature. This allowed users to delete arbitrary files on the Jenkins controller file system accessible to the OS user account running Jenkins. Additionally, this endpoint did not perform a permission...
The vulnerability of the Node-tar module in the Node.js library allows a hacker to write any files or execute any code.
The vulnerability of the Node-tar module in the Node.js library is related to insufficient checking of the path name to the restricted access directory. Exploiting this vulnerability could allow an attacker to write arbitrary files or execute arbitrary code...
sinatra: path traversal possible outside of public_dir when serving static files
A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated if it is in the public directory, allowing files outside of the public directory to be served...
D-Link DIR-825 AC1200 R2 path traversal vulnerability
The D-LINK DIR-825 AC1200 R2 is a router from China-based AUO D-LINK. The D-LINK DIR-825 AC1200 R2 suffers from a directory traversal vulnerability that stems from a lack of validity checking of paths when processing directory requests, which can be exploited by an attacker to access the entire...
UnRAR path traversal vulnerability
UnRAR is a RARLAB command-line tool that decompresses files with an .rar suffix. A directory traversal vulnerability exists in versions of UnRAR prior to 6.12. The vulnerability stems from a lack of validity checks on paths when processing directory requests, and can be exploited by attackers to write files...
CVE-2022-28784
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in an arbitrary directory as the system user. The patch addresses incorrect implementation of file path validation check logic...
Path traversal
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in an arbitrary directory as the system user. The patch addresses incorrect implementation of file path validation check logic...
CVE-2022-28784
CVE-2022-28784 describes a path traversal vulnerability in Samsung Galaxy Themes prior to SMR May-2022 Release 1. The issue stems from incorrect file path validation logic, allowing a system user to list file names in arbitrary directories. Affected component: Galaxy Themes (on Samsung devices) w...