1092 matches found
CVE-2021-27516
CVE-2021-27516 affects the URI.js (urijs) library prior to v1.19.6. The issue stems from how the library handles backslashes in the URL delimiter (e.g., https:/...), which can cause hostname spoofing and misinterpretation of the target hostname, potentially enabling SSRF, open redirects, or relat...
URI.js Security Vulnerability
Medialize URI.js is a Javascript-based code library from the Medialize team that can be used to efficiently splice URLs. A security vulnerability exists in URI.js before 1.19.6 that stems from incorrect handling of certain uses of backslashes e.g., http: / and interpreting URIs as relative paths...
Directory Traversal
ftp-srv is vulnerable to directory traversal. The vulnerability exists as it does not perform checks on the relative path to see if it resolves to a path outside of the application root directory...
CVE-2020-25617
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console NAC, leading to execution of OS commands as root...
CVE-2020-25617
SolarWinds N-Central 12.3.0.670 contains a relative path traversal flaw in the AdvancedScripts HTTP endpoint . An authenticated user can exploit this to execute OS commands as root via the NAC interface, as described across multiple sources (NVD/Red Hat/CNVD listings). The root cause is path trav...
Siemens XHQ 信息泄露漏洞
Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A relative path traversal vulnerability exists in Siemens XHQ...
Path traversal
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files...
CVE-2020-3550
A vulnerability in the sfmgr daemon of Cisco Firepower Management Center FMC Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to...
Rockwell Automation ISaGRAF5 Runtime (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF5 Runtime Vulnerabilities: Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element,...
CVE-2020-5789
Relative Path Traversal in Teltonika firmware TRB2R00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk...
CVE-2020-5787
Relative Path Traversal in Teltonika firmware TRB2R00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action...
CVE-2020-5787
CVE-2020-5787 describes a Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3. The vulnerability allows a remote, authenticated attacker to delete arbitrary files on the device’s disk via the admin/services/packages/remove action. Affected software: Teltonika firmware TRB2_R_00.02.04....
CVE-2020-5787
Relative Path Traversal in Teltonika firmware TRB2R00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action...
3S CoDeSys (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: 3S-Smart Software Solutions Equipment: CoDeSys Vulnerabilities: Improper Access Control, Relative Path Traversal 2. UPDATE INFORMATION This updated advisory is a...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...
CVE-2020-7665 Arbitrary File Write via Archive Extraction (Zip Slip)
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...
Metasploit Framework Relative Path Traversal Vulnerability
Metasploit Framework is a modular Ruby-based penetration testing platform that enables you to write, test and execute exploit code. A relative path traversal vulnerability exists in the untar method of the "auxiliary/admin/http/telpho10credentialdump" module of the Metasploit Framework, which can...
Metasploit Framework Relative Path Traversal Vulnerability (CNVD-2020-49456)
Metasploit Framework is a modular Ruby-based penetration testing platform that enables you to write, test and execute exploit code. A relative path traversal vulnerability exists in the getkeychains method of the "post/osx/gather/enumosx module" module of the Metasploit Framework, which can be...
CVE-2020-7376
The Metasploit Framework module "post/osx/gather/enumosx module" is affected by a relative path traversal vulnerability in the getkeychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host...
CVE-2020-7377 Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module
The Metasploit Framework module "auxiliary/admin/http/telpho10credentialdump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...