Lucene search
K

39 matches found

NVD
NVD
added 2025/02/18 7:15 p.m.9 views

CVE-2025-25284

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

8.7CVSS0.00584EPSS
Exploits0References2
CVE
CVE
added 2025/02/18 6:42 p.m.58 views

CVE-2025-25284

CVE-2025-25284 concerns the ZOO-Project WPS implementation. The vulnerability lies in the Gdal_Translate service when processing VRT files: the SourceFilename parameter in VRTRasterBand is not properly sanitized, allowing relative path traversal (../) and enabling an unauthenticated attacker to r...

8.7CVSS7AI score0.00584EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/18 6:42 p.m.5 views

CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

8.7CVSS6.5AI score0.00584EPSS
Exploits0References2
OSV
OSV
added 2025/02/18 6:42 p.m.5 views

CVE-2025-25284 Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS Web Processing Service implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the GdalTranslate service, whe...

8.7CVSS6.7AI score0.00584EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/12 10:36 p.m.5 views

CVE-2025-25189

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

6.9CVSS6.1AI score0.00418EPSS
Exploits0References1
NVD
NVD
added 2025/02/05 12:15 p.m.13 views

CVE-2024-3976

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to...

6.5CVSS0.00484EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 10:7 a.m.8 views

CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

7.5CVSS6.5AI score0.00807EPSS
Exploits1
OSV
OSV
added 2024/12/04 10:20 p.m.7 views

CVE-2024-53982 Arbitrary file download in Zoo-Project Echo Example

ZOO-Project is a C-based WPS Web Processing Service implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is...

8.7CVSS6.8AI score0.0046EPSS
Exploits0References4
OSV
OSV
added 2024/06/27 7:15 a.m.4 views

UBUNTU-CVE-2024-22231

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master...

5CVSS5.9AI score0.00693EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/09 2:38 p.m.37 views

CVE-2024-34352 Arbitrary file write vulnerability in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol...

6.5CVSS6.7AI score0.01329EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/05 12:0 a.m.5 views

LLVM project 缓冲区错误漏洞

LLVM project is a collection of modular, reusable compiler and toolchain technologies open-sourced by LLVM. A security vulnerability exists in LLVM project version a0138390, which stems from a segmentation error in the component matchAndRewriteSortOp...

5.5CVSS5.5AI score0.00215EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/07/20 8:28 a.m.4 views

Multiple vulnerabilities in Cybozu Office

Overview Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 CyVDB-1795 Operation restriction bypass vulnerability in Project CWE-285 - CVE-2022-32544...

6.5CVSS7AI score0.00759EPSS
Exploits0References30
Huntr
Huntr
added 2021/07/05 6:30 a.m.9 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description I found a stored XSS in your project which is lead by adding client's comment. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Client. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

1.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/06/26 12:0 a.m.4 views

The vulnerability of the Microsoft Office software and the Microsoft Project project management software, related to errors in memory object handling, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Microsoft Office suite and the Microsoft Project project management software is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.1CVSS6.9AI score0.0548EPSS
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2018/06/09 3:32 a.m.11 views

crosswalk-project.org XSS vulnerability

Open Bug Bounty ID: OBB-629465 Description| Value ---|--- Affected Website:| crosswalk-project.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
OSV
OSV
added 2017/10/11 1:32 a.m.23 views

CVE-2017-15206

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user...

4.3CVSS6.6AI score
Exploits0References4
OSV
OSV
added 2014/12/09 11:59 p.m.4 views

DEBIAN-CVE-2014-9319

The ffhevcdecodenalsps function in libavcodec/hevcps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds access via a crafted .bit file...

5CVSS6.7AI score0.02427EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2008/02/20 12:0 a.m.28 views

projectpier-xssxsrf.txt

====================================================================== ProjectPier Impact: Cross Site Scripting Cross Site Request Forgery Status: patch available ------------------------------ Affected software description: ------------------------------ Application: ProjectPier Version: = 0.80...

7.4AI score
Exploits0
CERT
CERT
added 2008/02/06 12:0 a.m.41 views

KAME project IPv6 IPComp header denial of service vulnerability

Overview The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash. Description Per RFC 3173:IP payload compression is a protocol to reduce the size of ...

7.8CVSS5.8AI score0.15542EPSS
Exploits6References8
Rows per page
Query Builder