1092 matches found
Path traversal
Overview: url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. Recommendation: Upgrade to version 1.5.0 or later. References: CVE, GitHub Advisory...
GHSA-9M6J-FCG5-2442 Path traversal in url-parse
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
Cassia Networks Access Controller Path Traversal Vulnerability
Cassia Networks Access Controller is an application from Cassia USA, Inc. that provides a powerful IoT network management solution. Cassia Networks Access Controller suffers from a path traversal vulnerability that can be exploited by an attacker to view any file on a server using a relative path...
Authentication bypass in FortiWAN
A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value...
PT-2021-2813 · Fortinet · Fortiwan
Name of the Vulnerable Software and Affected Versions: FortiWAN versions 4.5.7 and below; FortiWAN version 4.4 and all versions below. Description: The issue is related to a relative path traversal vulnerability that can be exploited by a remote attacker to impact the confidentiality, integrity, an...
CVE-2021-29474
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
Path traversal
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
CVE-2021-29474 Relative Path Traversal Attack on note creation
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...
CVE-2021-29474
CVE-2021-29474 affects HedgeDoc (CodiMD). The vulnerability allows a relative path traversal via improper input validation in the note creation flow: a URL-encoded alias is passed through the router into noteController.showNote, then into findNote/parseNoteId, ultimately using a possibly unva...
PT-2021-18238 · Hedgedoc · Hedgedoc
Name of the Vulnerable Software and Affected Versions: HedgeDoc (affected versions not specified). Description: The issue is related to an improper input validation in HedgeDoc, allowing an attacker to perform a relative path traversal and read arbitrary .md files from the server's filesystem. This...
Siemens and PKE Control Center Server
1. EXECUTIVE SUMMARY: CVSS v3 9.9; ATTENTION: Exploitable remotely/low attack complexity; Vendors: Siemens/PKE; Equipment: Control Center Server (CCS); Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky...
Insecure URL Handling
urijs does not securely handle URLs. The backslash is mishandled and causes http:\/ to be interpreted as a relative path. This can potentially result in bypass of access controls...
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
CVE-2021-27516
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
CVE-2021-27516
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
DEBIAN-CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
Path traversal
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
UBUNTU-CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...
CVE-2021-27516
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...