1092 matches found

Node.js
added 2021/05/06 4:15 p.m. · 44 views

Path traversal

Overview: url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. Recommendation: Upgrade to version 1.5.0 or later. References: CVE, GitHub Advisory...

CVSS 5 · AI score 2.1 · EPSS 0.01964
Exploits 1 · Affected Software 1

OSV
added 2021/05/06 4:10 p.m. · 35 views

GHSA-9M6J-FCG5-2442 Path traversal in url-parse

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

CVSS 5.3 · AI score 5.8 · EPSS 0.01964
Exploits 1 · References 8

CNNVD
added 2021/04/29 12:0 a.m. · 5 views

Cassia Networks Access Controller path traversal vulnerability

Cassia Networks Access Controller is an application from Cassia USA, Inc. that provides a powerful IoT network management solution. Cassia Networks Access Controller suffers from a path traversal vulnerability that can be exploited by an attacker to view any file on a server using a relative path...

CVSS 7.5 · AI score 7.5 · EPSS 0.00588
Exploits 0 · References 6

Fortinet
added 2021/04/27 12:0 a.m. · 36 views

Authentication bypass in FortiWAN

A relative path traversal vulnerability (CWE-23) in FortiWAN may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value...

AI score 5.1 · EPSS 0.16364
Exploits 0 · Affected Software 2

Positive Technologies
added 2021/04/27 12:0 a.m. · 5 views

PT-2021-2813 · Fortinet · Fortiwan

Name of the Vulnerable Software and Affected Versions: FortiWAN versions 4.5.7 and below; FortiWAN version 4.4 and all versions below. Description: The issue is related to a relative path traversal vulnerability that can be exploited by a remote attacker to impact the confidentiality, integrity, an...

CVSS 10 · AI score 7.2 · EPSS 0.16364
Exploits 0 · References 14

OSV
added 2021/04/26 10:15 p.m. · 10 views

CVE-2021-29474

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

CVSS 5.8 · AI score 6.7
Exploits 0 · References 1

Prion
added 2021/04/26 10:15 p.m. · 23 views

Path traversal

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

CVSS 5 · AI score 5.6 · EPSS 0.01599
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2021/04/26 9:37 p.m. · 21 views

CVE-2021-29474 Relative Path Traversal Attack on note creation

HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary .md files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can t...

CVSS 4.7 · AI score 5.8 · EPSS 0.01599
Exploits 1 · References 1

CVE
added 2021/04/26 9:37 p.m. · 49 views

CVE-2021-29474

CVE-2021-29474 affects HedgeDoc (CodiMD). The vulnerability allows a relative path traversal via improper input validation in the note creation flow: a URL-encoded alias is passed through the router into noteController.showNote, then into findNote/parseNoteId, ultimately using a possibly unva...

CVSS 5.8 · AI score 5.1 · EPSS 0.01599
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2021/04/26 12:0 a.m. · 4 views

PT-2021-18238 · Hedgedoc · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc (affected versions not specified). Description: The issue is related to an improper input validation in HedgeDoc, allowing an attacker to perform a relative path traversal and read arbitrary .md files from the server's filesystem. This...

CVSS 5.8 · AI score 5.4 · EPSS 0.01599
Exploits 1 · References 4

ICS
added 2021/04/13 12:0 a.m. · 39 views

Siemens and PKE Control Center Server

1. EXECUTIVE SUMMARY. CVSS v3 9.9. ATTENTION: Exploitable remotely/low attack complexity. Vendors: Siemens/PKE. Equipment: Control Center Server (CCS). Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky...

CVSS 9.9 · AI score 9.8 · EPSS 0.02647
Exploits 0 · References 8

Veracode
added 2021/02/23 4:45 a.m. · 11 views

Insecure URL Handling

urijs does not securely handle URLs. The backslash is mishandled and causes http:\/ to be interpreted as a relative path. This can potentially result in bypass of access controls...

CVSS 7.5 · AI score 1.2 · EPSS 0.02483
Exploits 1 · References 4 · Affected Software 1

NVD
added 2021/02/22 12:15 a.m. · 23 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

CVSS 5.3 · EPSS 0.01964
Exploits 1 · References 5

OSV
added 2021/02/22 12:15 a.m. · 16 views

CVE-2021-27516

URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

CVSS 7.5 · AI score 6.7
Exploits 0 · References 3

NVD
added 2021/02/22 12:15 a.m. · 8 views

CVE-2021-27516

URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

CVSS 7.5 · EPSS 0.02483
Exploits 1 · References 3

OSV
added 2021/02/22 12:15 a.m. · 2 views

DEBIAN-CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

CVSS 5.3 · AI score 7 · EPSS 0.01964
Exploits 1 · References 1

Prion
added 2021/02/22 12:15 a.m. · 26 views

Path traversal

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

CVSS 5 · AI score 5.3 · EPSS 0.01964
Exploits 1 · References 5 · Affected Software 1

UbuntuCve
added 2021/02/22 12:15 a.m. · 27 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

CVSS 5.3 · AI score 6.8 · EPSS 0.01964
Exploits 1 · References 5

OSV
added 2021/02/22 12:15 a.m. · 7 views

UBUNTU-CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

CVSS 5.3 · AI score 6.8 · EPSS 0.01964
Exploits 1 · References 6

Cvelist
added 2021/02/21 11:29 p.m. · 14 views

CVE-2021-27516

URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

AI score 7.7 · EPSS 0.02483
Exploits 1 · References 3