
649 matches found

SUSE CVE
added 2023/02/15 5:19 a.m. · 3 views

SUSE CVE-2015-3309

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete...

7.5 CVSS · 6.9 AI score · 0.00433 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 5:8 a.m. · 3 views

SUSE CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path...

5.9 CVSS · 7 AI score · 0.00741 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 5:6 a.m. · 6 views

SUSE CVE-2016-2097

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists...

5.3 CVSS · 6.3 AI score · 0.01912 EPSS
Exploits 10 · References 8

SUSE CVE
added 2023/02/15 4:30 a.m. · 2 views

SUSE CVE-2018-6871

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function...

5.5 CVSS · 7 AI score · 0.46181 EPSS
Exploits 5 · References 7

SUSE CVE
added 2023/02/15 3:25 a.m. · 1 views

SUSE CVE-2022-31255

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files...

4.3 CVSS · 6.7 AI score · 0.00248 EPSS
Exploits 0 · References 6

OSV
added 2023/01/05 10:15 a.m. · 1 views

CVE-2022-43932

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors...

7.5 CVSS · 5.9 AI score · 0.00507 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/01/05 12:0 a.m. · 2 views

PT-2023-14405 · Synology · Synology Router Manager

Name of the Vulnerable Software and Affected Versions: Synology Router Manager versions prior to 1.2.5-8227-6; Synology Router Manager versions prior to 1.3.1-9346-3.
Description: The issue is related to improper neutralization of special elements in output used by a downstream component, also know...

7.5 CVSS · 7.9 AI score · 0.00507 EPSS
Exploits 0 · References 3

OSV
added 2022/11/10 3:15 p.m. · 0 views

CVE-2022-43753

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files...

4.3 CVSS · 5.8 AI score · 0.00218 EPSS
Exploits 1 · References 1

Positive Technologies
added 2022/11/04 12:0 a.m. · 2 views

PT-2022-20642 · Suse · Release-Notes-Susemanager +5

Name of the Vulnerable Software and Affected Versions: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28; SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39; SUSE Manager Server 4.2 release-notes-susemanager versions prio...

5.4 CVSS · 4.5 AI score · 0.00248 EPSS
Exploits 1 · References 34

OSV
added 2022/10/14 7:15 p.m. · 3 views

CVE-2022-41477

A security issue was discovered in WeBid =1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...

9.1 CVSS · 5.8 AI score · 0.00237 EPSS
Exploits 1 · References 1

OSV
added 2022/10/11 11:15 a.m. · 3 views

CVE-2022-40177

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

5.7 CVSS · 5.8 AI score · 0.00231 EPSS
Exploits 0 · References 1

CNNVD
added 2022/10/11 12:0 a.m. · 3 views

SAP Manufacturing Execution path traversal vulnerability

SAP Manufacturing Execution is an integrated Manufacturing Execution System (MES) solution for discrete manufacturing processes from SAP. Enables MES functionality to be customized specifically for the management and control of production environments. A path traversal vulnerability exists in SAP...

7.5 CVSS · 6.8 AI score · 0.03739 EPSS
Exploits 0 · References 6

CNNVD
added 2022/10/03 12:0 a.m. · 14 views

Veritas NetBackup code issue vulnerability

Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 10.0.0.1 and previous versions are vulnerable to XML external entity injection, which stems from the fact that the DiscoveryService service does...

9.8 CVSS · 6.8 AI score · 0.00178 EPSS
Exploits 0 · References 2

OSV
added 2022/08/15 8:15 p.m. · 3 views

CVE-2020-21641

Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...

7.5 CVSS · 5.9 AI score · 0.04582 EPSS
Exploits 0 · References 1

CNNVD
added 2022/08/15 12:0 a.m. · 1 views

ZOHO ManageEngine Analytics Plus code issue vulnerability

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO India. Get a better view of your IT data with rich visualizations and dashboards. A security vulnerability exists in ZOHO ManageEngine Analytics Plus versions prior to 4.3.5. A remote attacker can exploit the...

7.5 CVSS · 7.6 AI score · 0.04582 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/07/28 1:15 a.m. · 4 views

CVE-2022-36999

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBack...

6.5 CVSS · 5.8 AI score · 0.00327 EPSS
Exploits 0 · References 2

OSV
added 2022/07/28 1:15 a.m. · 2 views

CVE-2022-37000

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBack...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2022/07/28 1:15 a.m. · 2 views

CVE-2022-36999

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBack...

6.5 CVSS · 5.8 AI score · 0.00327 EPSS
Exploits 0 · References 1

CNNVD
added 2022/07/28 12:0 a.m. · 2 views

Veritas NetBackup security vulnerability

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and the backup protection of metadata, virtual environments and other environmental data. A security...

6.5 CVSS · 6.6 AI score · 0.00327 EPSS
Exploits 0 · References 2

Cvelist
added 2022/07/25 3:29 p.m. · 21 views

CVE-2022-35650

The vulnerability was found in Moodle and occurs due to an input validation error when importing lesson questions. These insufficient path checks result in an arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature...

8.6 AI score · 0.00441 EPSS
Exploits 0 · References 5