1092 matches found

OSV
added 2019/11/27 4:15 p.m. · 1 views

DEBIAN-CVE-2019-10220

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists...

CVSS 8.8 · AI score 7.1 · EPSS 0.05123
Exploits 0 · References 1

OSV
added 2019/10/30 11:44 a.m. · 12 views

SUSE-SU-2019:2859-1 Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19718 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in...

CVSS 9.8 · AI score 9.6 · EPSS 0.06652
Exploits 0 · References 8

OSV
added 2019/10/30 11:44 a.m. · 6 views

SUSE-SU-2019:2864-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19715 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in...

CVSS 9.8 · AI score 8.8 · EPSS 0.06652
Exploits 1 · References 16

OSV
added 2019/10/30 10:35 a.m. · 10 views

SUSE-SU-2019:2829-1 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP3)

This update for the Linux Kernel 4.4.180-94103 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in...

CVSS 9.8 · AI score 9.6 · EPSS 0.06652
Exploits 0 · References 7

OSV
added 2019/10/30 10:32 a.m. · 9 views

SUSE-SU-2019:2821-1 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-6064110 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in...

CVSS 9.8 · AI score 8.8 · EPSS 0.98745
Exploits 7 · References 25

Gitee
added 2019/10/22 11:22 p.m. · 7 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...

CVSS 9.8 · AI score 8.4 · EPSS 0.99964
Exploits 47

Github Security Blog
added 2019/10/15 7:27 p.m. · 57 views

Cross-site scripting in Swagger-UI

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

CVSS 9.8 · AI score 3.8 · EPSS 0.0558
Exploits 1 · References 15 · Affected Software 4

Veracode
added 2019/10/11 8:20 a.m. · 33 views

CSS Injection

swagger-ui is vulnerable to CSS injection. The ?url= parameter allows an attacker to override a hard-coded schema file, which would enable the Relative Path Overwrite (RPO) exploit technique, allowing exfiltration of confidential information from a victim's browser such as the CSRF token value...

CVSS 9.8 · AI score 3.5 · EPSS 0.0558
Exploits 1 · References 19 · Affected Software 2

NVD
added 2019/10/10 10:15 p.m. · 22 views

CVE-2019-17495

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

CVSS 9.8 · AI score 9.5 · EPSS 0.0558
Exploits 1 · References 11

OSV
added 2019/10/10 10:15 p.m. · 23 views

CVE-2019-17495

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

CVSS 9.8 · AI score 9.4
Exploits 0 · References 11

Cvelist
added 2019/10/10 9:4 p.m. · 25 views

CVE-2019-17495

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

AI score 9.4 · EPSS 0.0558
Exploits 1 · References 11

Positive Technologies
added 2019/10/05 12:0 a.m. · 5 views

PT-2019-4446 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel version 4.9.0
Description: The issue concerns a relative paths injection in directory entry lists within the Linux kernel CIFS implementation. It is caused by incorrect restriction of the directory path name with limited access...

CVSS 10 · AI score 7.4 · EPSS 0.98745
Exploits 142 · References 1413

OSV
added 2019/08/29 1:15 a.m. · 4 views

CVE-2019-13408

A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 3

CVE
added 2019/08/29 12:18 a.m. · 165 views

CVE-2019-13408

CVE-2019-13408 describes a relative path traversal vulnerability in Advan VD-1 firmware up to version 230, allowing unauthenticated download of arbitrary files via cgibin/ExportSettings.cgi?Download=filepath. Exploitation details and affected products in connected sources include GeoVision/OT plu...

CVSS 7.5 · AI score 7.5 · EPSS 0.01913
Exploits 1 · References 3 · Affected Software 1

OSV
added 2019/06/30 3:15 p.m. · 3 views

CVE-2019-11822

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter...

CVSS 6.5 · AI score 6.8 · EPSS 0.01292
Exploits 0 · References 1

OSV
added 2019/06/30 3:15 p.m. · 2 views

CVE-2019-11826

Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter...

CVSS 8.8 · AI score 7.4 · EPSS 0.01661
Exploits 0 · References 1

Positive Technologies
added 2019/06/30 12:0 a.m. · 2 views

PT-2019-12511 · Synology · Synology Moments

Name of the Vulnerable Software and Affected Versions: Synology Moments versions prior to 1.3.0-0691
Description: The issue concerns a relative path traversal vulnerability. It allows remote authenticated users to upload arbitrary files via the name parameter.
Recommendations: For versions prior ...

CVSS 8.8 · AI score 8.4 · EPSS 0.01661
Exploits 0 · References 3

NVD
added 2019/05/31 2:29 p.m. · 18 views

CVE-2019-12507

An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter...

CVSS 6.1 · AI score 6 · EPSS 0.0089
Exploits 0 · References 2

OSV
added 2019/05/31 2:29 p.m. · 9 views

CVE-2019-12507

An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter...

CVSS 6.1 · AI score 6
Exploits 0 · References 2

Cvelist
added 2019/05/31 1:44 p.m. · 52 views

CVE-2019-12507

An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter...

AI score 6 · EPSS 0.0089
Exploits 0 · References 2