1092 matches found
DEBIAN-CVE-2019-10220
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists...
SUSE-SU-2019:2859-1 Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19718 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in...
SUSE-SU-2019:2864-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19715 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in...
SUSE-SU-2019:2829-1 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94103 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in...
SUSE-SU-2019:2821-1 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1)
This update for the Linux Kernel 3.12.74-6064110 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...
Cross-site scripting in Swagger-UI
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
CSS Injection
swagger-ui is vulnerable to CSS injection. The ?url= parameter allows an attacker to override a hard-coded schema file, which enables the Relative Path Overwrite (RPO) exploit technique, allowing exfiltration of confidential information from a victim's browser such as the CSRF token value...
CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
PT-2019-4446 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel version 4.9.0 Description: The issue concerns a relative path injection in directory entry lists within the Linux kernel CIFS implementation. It is caused by incorrect restriction of the directory path name with limited access...
CVE-2019-13408
A relative path traversal vulnerability was found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via the URL cgi-bin/ExportSettings.cgi?Download=filepath, without any authentication...
CVE-2019-13408
CVE-2019-13408 describes a relative path traversal vulnerability in Advan VD-1 firmware up to version 230, allowing unauthenticated download of arbitrary files via cgi-bin/ExportSettings.cgi?Download=filepath. Exploitation details and affected products in connected sources include GeoVision/OT plu...
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter...
CVE-2019-11826
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter...
PT-2019-12511 · Synology · Synology Moments
Name of the Vulnerable Software and Affected Versions: Synology Moments versions prior to 1.3.0-0691 Description: The issue concerns a relative path traversal vulnerability. It allows remote authenticated users to upload arbitrary files via the name parameter. Recommendations: For versions prior ...
CVE-2019-12507
An XSS vulnerability exists in PHPRelativePath (aka Relative Path) through 1.0.2 via the RelativePath.Example1.php path parameter...