Lucene search

1092 matches found

CVE
added 2021/02/21 11:29 p.m., 95 views

CVE-2021-27516

CVE-2021-27516 affects the URI.js (urijs) library prior to v1.19.6. The issue stems from how the library handles backslashes in the URL delimiter (e.g., https:/...), which can cause hostname spoofing and misinterpretation of the target hostname, potentially enabling SSRF, open redirects, or relat...

CVSS 7.5, AI score 7.3, EPSS 0.02483
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2021/02/21 12:0 a.m., 6 views

URI.js Security Vulnerability

Medialize URI.js is a JavaScript-based code library from the Medialize team that can be used to efficiently splice URLs. A security vulnerability exists in URI.js before 1.19.6 that stems from incorrect handling of certain uses of backslashes e.g., http: / and interpreting URIs as relative paths...

CVSS 7.5, AI score 6.9, EPSS 0.02483
Exploits: 1, References: 6
Veracode
added 2021/02/11 3:12 a.m., 22 views

Directory Traversal

ftp-srv is vulnerable to directory traversal. The vulnerability exists as it does not perform checks on the relative path to see if it resolves to a path outside of the application root directory...

CVSS 9.6, AI score 3.6, EPSS 0.01863
Exploits: 1, References: 7, Affected Software: 1
NVD
added 2020/12/16 2:15 p.m., 12 views

CVE-2020-25617

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root...

CVSS 9, AI score 8.7, EPSS 0.03167
Exploits: 0, References: 3
CVE
added 2020/12/16 1:52 p.m., 44 views

CVE-2020-25617

SolarWinds N-Central 12.3.0.670 contains a relative path traversal flaw in the AdvancedScripts HTTP endpoint. An authenticated user can exploit this to execute OS commands as root via the NAC interface, as described across multiple sources (NVD/Red Hat/CNVD listings). The root cause is path trav...

CVSS 9, AI score 8.6, EPSS 0.03167
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2020/12/08 12:0 a.m., 6 views

Siemens XHQ Information Disclosure Vulnerability

Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A relative path traversal vulnerability exists in Siemens XHQ...

CVSS 6.5, AI score 6.6, EPSS 0.01241
Exploits: 0, References: 4
Prion
added 2020/11/06 5:15 p.m., 14 views

Path traversal

A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files...

CVSS 7.5, AI score 9.4, EPSS 0.02009
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2020/10/21 7:15 p.m., 3 views

CVE-2020-3550

A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to...

CVSS 8.1, AI score 7.4, EPSS 0.02179
Exploits: 0, References: 1
ICS
added 2020/10/06 12:0 a.m., 149 views

Rockwell Automation ISaGRAF5 Runtime (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF5 Runtime Vulnerabilities: Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element,...

CVSS 9.8, AI score 8.3, EPSS 0.06062
Exploits: 0, References: 5
OSV
added 2020/10/01 8:15 p.m., 4 views

CVE-2020-5789

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk...

CVSS 6.5, AI score 6.7, EPSS 0.01358
Exploits: 1, References: 1
OSV
added 2020/10/01 8:15 p.m., 5 views

CVE-2020-5787

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action...

CVSS 6.5, AI score 6.7, EPSS 0.01669
Exploits: 1, References: 1
CVE
added 2020/10/01 7:45 p.m., 40 views

CVE-2020-5787

CVE-2020-5787 describes a Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3. The vulnerability allows a remote, authenticated attacker to delete arbitrary files on the device’s disk via the admin/services/packages/remove action. Affected software: Teltonika firmware TRB2_R_00.02.04....

CVSS 8.5, AI score 6.3, EPSS 0.01669
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2020/10/01 7:45 p.m., 22 views

CVE-2020-5787

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action...

AI score 6.4, EPSS 0.01669
Exploits: 1, References: 1
ICS
added 2020/09/24 12:0 p.m., 77 views

3S CoDeSys (Update A)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: 3S-Smart Software Solutions Equipment: CoDeSys Vulnerabilities: Improper Access Control, Relative Path Traversal 2. UPDATE INFORMATION This updated advisory is a...

CVSS 10, AI score 7.6, EPSS 0.05266
Exploits: 0, References: 31
Gitee
added 2020/09/17 4:36 p.m., 9 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...

CVSS 9.8, AI score 8.4, EPSS 0.99964
Exploits: 47
Cvelist
added 2020/09/01 1:55 p.m., 29 views

CVE-2020-7665 Arbitrary File Write via Archive Extraction (Zip Slip)

This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...

CVSS 7.5, AI score 7.5, EPSS 0.01826
Exploits: 1, References: 2
CNVD
added 2020/08/25 12:0 a.m., 5 views

Metasploit Framework Relative Path Traversal Vulnerability

Metasploit Framework is a modular Ruby-based penetration testing platform that enables you to write, test and execute exploit code. A relative path traversal vulnerability exists in the untar method of the "auxiliary/admin/http/telpho10_credential_dump" module of the Metasploit Framework, which can...

CVSS 8.1, AI score 7.2, EPSS 0.01072
Exploits: 1, References: 1
CNVD
added 2020/08/25 12:0 a.m., 3 views

Metasploit Framework Relative Path Traversal Vulnerability (CNVD-2020-49456)

Metasploit Framework is a modular Ruby-based penetration testing platform that enables you to write, test and execute exploit code. A relative path traversal vulnerability exists in the getkeychains method of the "post/osx/gather/enumosx module" module of the Metasploit Framework, which can be...

CVSS 10, AI score 7.2, EPSS 0.01123
Exploits: 1, References: 1
NVD
added 2020/08/24 7:15 p.m., 17 views

CVE-2020-7376

The Metasploit Framework module "post/osx/gather/enumosx module" is affected by a relative path traversal vulnerability in the getkeychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host...

CVSS 10, AI score 7.6, EPSS 0.01123
Exploits: 1, References: 1
Cvelist
added 2020/08/24 7:10 p.m., 20 views

CVE-2020-7377 Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

CVSS 8.1, AI score 8.1, EPSS 0.01072
Exploits: 1, References: 1