2131 matches found

Positive Technologies
added 2022/03/12 12:0 a.m. | 11 views

PT-2022-09: Insufficient validation of file paths and Path Traversal in Veeam Backup & Replication

The vulnerability was identified in Veeam Backup & Replication versions 9.5, 10, 11. The discovered vulnerability allows an attacker to perform an NTLM-relay attack on behalf of the account under which the service is running, uploading arbitrary files from arbitrary paths to the VBR server,...

8.8 CVSS | 9.2 AI score | 0.05942 EPSS
Exploits: 0
OpenVAS
added 2022/01/31 12:0 a.m. | 29 views

Apple Mac OS X Security Update (HT213055)

Apple Mac OS X is prone to multiple vulnerabilities...

10 CVSS | 6.8 AI score | 0.11638 EPSS
Exploits: 0 | References: 3
OpenVAS
added 2022/01/31 12:0 a.m. | 24 views

Apple Mac OS X Security Update (HT213054)

Apple Mac OS X is prone to multiple vulnerabilities...

10 CVSS | 6.8 AI score | 0.11638 EPSS
Exploits: 0 | References: 3
OpenVAS
added 2022/01/28 12:0 a.m. | 14 views

Mageia: Security Advisory (MGASA-2017-0308)

The remote host is missing an update for the...

7.5 CVSS | 7.6 AI score | 0.01759 EPSS
Exploits: 0 | References: 4
The Hacker News
added 2022/01/27 5:5 a.m. | 71 views

Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability

Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corrupti...

10 CVSS | 1.8 AI score | 0.28839 EPSS
Exploits: 0
Apple
added 2022/01/26 12:0 a.m. | 42 views

About the security content of tvOS 15.3

This document describes the security content of tvOS 15.3. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

9.3 CVSS | 9.5 AI score | 0.01973 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Apple
added 2022/01/26 12:0 a.m. | 49 views

About the security content of iOS 15.3 and iPadOS 15.3

This document describes the security content of iOS 15.3 and iPadOS 15.3. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

10 CVSS | 9.7 AI score | 0.11638 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Positive Technologies
added 2022/01/25 12:0 a.m. | 5 views

PT-2022-6556 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existin...

9 CVSS | 7.8 AI score | 0.02298 EPSS
Exploits: 0 | References: 7
OSV
added 2021/12/14 4:15 p.m. | 1 views

CVE-2021-44232

SAF-T Framework Transaction SAFTNG allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server...

7.7 CVSS | 7.3 AI score | 0.00975 EPSS
Exploits: 0 | References: 2
CNVD
added 2021/12/04 12:0 a.m. | 19 views

Armeria path traversal vulnerability

Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol. Armeria is vulnerable to a path traversal vulnerability that stems from a flaw in the software's path validation logic. An attacker could send an HTTP request with a path...

7.5 CVSS | 2.2 AI score | 0.01638 EPSS
Exploits: 0 | References: 1
OSV
added 2021/12/02 10:25 p.m. | 1 views

GHSA-8FP4-RP6C-5GCV Path Traversal in com.linecorp.armeria:armeria

Impact: An attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains %2F encoded /, such as /files/..%2Fsecrets.txt, bypassing Armeria's path validation logic. Patches: Armeria 1.13.4 or above contains the hardened path...

7.5 CVSS | 5.9 AI score | 0.01638 EPSS
Exploits: 0 | References: 5
OSV
added 2021/12/02 6:15 p.m. | 16 views

CVE-2021-43795

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains %2F encoded /, such as /files/..%2Fsecrets.txt, bypassing Armeria's path validation...

7.5 CVSS | 7.5 AI score
Exploits: 0 | References: 3
NVD
added 2021/12/02 6:15 p.m. | 37 views

CVE-2021-43795

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains %2F encoded /, such as /files/..%2Fsecrets.txt, bypassing Armeria's path validation...

7.5 CVSS | 0.01638 EPSS
Exploits: 0 | References: 3
Prion
added 2021/12/02 6:15 p.m. | 16 views

Design/Logic Flaw

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains %2F encoded /, such as /files/..%2Fsecrets.txt, bypassing Armeria's path validation...

5 CVSS | 7.4 AI score | 0.01638 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2021/12/02 6:0 p.m. | 37 views

CVE-2021-43795 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in com.linecorp.armeria:armeria

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains %2F encoded /, such as /files/..%2Fsecrets.txt, bypassing Armeria's path validation...

7.5 CVSS | 7.6 AI score | 0.01638 EPSS
Exploits: 0 | References: 3
BDU FSTEC
added 2021/11/11 12:0 a.m. | 3 views

The software for Cisco Webex Meetings Server, Cisco Webex Meetings Desktop App, and Cisco Webex Teams – a collaboration tool for Windows operating systems – has vulnerabilities related to errors in the path validation mechanism for dynamically loaded libraries. This allows attackers to execute arbitrary code.

The vulnerability of Cisco Webex Meetings Server, Cisco Webex Meetings Desktop App, and Cisco Webex Teams for Windows operating systems relates to errors in the mechanism for checking paths to dynamically loaded libraries. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.3 CVSS | 7.5 AI score | 0.00326 EPSS
Exploits: 0 | References: 3 | Affected Software: 3
WPVulnDB
added 2021/11/10 12:0 a.m. | 18 views

Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing

The plugin does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder. PoC: Click the "Log Monitor" available under Error Log Viewer menu item. Choose a log file to clear. Intercept the...

1 AI score | 0.05188 EPSS
Exploits: 5 | Affected Software: 1
BDU FSTEC
added 2021/10/13 12:0 a.m. | 4 views

The vulnerability of the TSWbPrxy component in Windows operating systems, which allows attackers to increase their privileges

The vulnerability of the TSWbPrxy component in Windows operating systems is related to deficiencies in path validation for restricted access directories. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...

9.6 CVSS | 7.1 AI score | 0.7594 EPSS
Exploits: 5 | References: 12
OSV
added 2021/09/20 10:15 a.m. | 2 views

CVE-2021-24639

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...

8.1 CVSS | 5.9 AI score | 0.00883 EPSS
Exploits: 2 | References: 1
Prion
added 2021/09/20 10:15 a.m. | 11 views

Cross site request forgery (csrf)

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...

5.5 CVSS | 7.9 AI score | 0.00883 EPSS
Exploits: 2 | References: 1 | Affected Software: 1