390 matches found
CVE-2020-25374
CyberArk Privileged Session Manager PSM 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time...
CVE-2017-18687
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 January 2017...
CVE-2012-6502
Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a...
CVE-2011-0920
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS...
A vulnerability in the Rack::Static class of the module interface between web servers and Rack web applications allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Rack::Static class of the module interface between web servers and Rack web applications stems from errors in processing relative pathnames to directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
react-router environmental issue vulnerability
react-router is a declarative routing library for React, open-sourced by Remix. An environmental issue vulnerability exists in react-router versions 7.0.0 through 7.4.0, which stems from an Express adapter for Remix or React Router that allows request URLs to be forged via URL pathnames...
A vulnerability in the Remote Desktop Client for Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the Remote Desktop Client for Windows operating systems stems from errors in handling relative pathnames to directories. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Komtera KLog Server path traversal vulnerability
Komtera KLog Server is a logging solution from Komtera. A path traversal vulnerability exists in Komtera KLog Server versions prior to 3.1.1, which stems from improperly restricting directory pathnames when processing web input to file system calls...
A vulnerability in Voyager for the Laravel PHP framework, related to errors in handling relative pathnames to directories, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in Voyager for the Laravel PHP framework stems from errors in handling relative pathnames to directories. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
Fortinet FortiManager and Fortinet FortiAnalyzer security vulnerability
Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...
CVE-2024-41704
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images...
CVE-2024-33880
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...
BIT-PILLOW-2022-24303
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled...
GLSA-202312-01 : Leptonica: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-01 Leptonica: Multiple Vulnerabilities - Leptonica 1.74.4 constructs unintended pathnames containing duplicated path components when operating on files in /tmp subdirectories, which might allow local users to bypass intende...
USN-6547-1: Python vulnerability
It was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks...
Ubuntu 20.04 ESM : Pillow vulnerabilities (USN-5777-2)
The remote Ubuntu 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5777-2 advisory. USN-5777-1 fixed vulnerabilities in Pillow Python 3. This update provides the corresponding updates for Pillow Python 2 in Ubuntu 20.04 LTS. Tenable has...
ForgeRock Access Management path traversal vulnerability
ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable superior experiences tailored to the unique needs of users and employees. A security vulnerability exists in ForgeRock Access Management that stems from an incorrect restriction on...
Updated stellarium packages fix security vulnerability
Attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. CVE-2023-28371...