Lucene search
K

236 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.12 views

CVE-2021-25156

A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...

4.9CVSS7.2AI score0.40523EPSS
Exploits3References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 6:7 p.m.16 views

Security Bulletin: JSch could allow a remote attacker to traverse directories on the system which affects watsonx.data

Summary JSch could allow a remote attacker to traverse directories on the system, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2016-5725 DESCRIPTION: JSch could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request ...

5.9CVSS5.7AI score0.24143EPSS
Exploits3Affected Software1
CVE
CVE
added 2025/01/25 1:49 p.m.66 views

CVE-2023-38012

CVE-2023-38012 affects IBM Cloud Pak System versions 2.3.3.6–2.3.4.0. A path traversal flaw allows a remote attacker to view arbitrary system files by crafting URL requests containing "dot dot" sequences (/../). IBM and CVE records cite the impact as directory traversal with CVSS v3.1 base score ...

5.3CVSS5.3AI score0.00478EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.3 views

IBM Sterling Secure Proxy 安全漏洞

IBM Sterling Secure Proxy is an International Business Machines IBM application agent for securing file transfers in an organization's unprotected zone DMZ. A security vulnerability exists in IBM Sterling Secure Proxy versions 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0, which stems from a...

7.5CVSS6.7AI score0.00644EPSS
Exploits0References1
OSV
OSV
added 2024/08/18 10:15 p.m.9 views

CVE-2024-7912

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely...

5.3CVSS5.1AI score0.00796EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.3 views

PT-2024-38596 · Unknown · Sourcecodester Online Graduate Tracer System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Graduate Tracer System version 1.0 Description: A vulnerability was found in the system, affecting an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through...

6.9CVSS5.6AI score0.00764EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.9 views

PT-2024-38444 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to delete arbitrary directories on affected installations. The flaw exists within the HTTP API service, which listens on TCP port...

8.1CVSS6.9AI score0.02016EPSS
Exploits0References6
Veracode
Veracode
added 2024/08/07 6:9 a.m.18 views

Improper Input Validation

The weave server API is vulnerable to Improper Input Validation. The vulnerability is caused due to a missing validation while fetching files from a remote directory for allowed file paths. This allows to traverse and leak arbitrary files remotely and can lead to a low-privileged users assuming t...

8.8CVSS6.8AI score0.04974EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/04/30 12:0 a.m.27 views

ALSA-2024:2571 Moderate: sssd security and bug fix update

The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...

7.1CVSS7.4AI score0.01033EPSS
Exploits1References4
OSV
OSV
added 2024/02/02 4:15 a.m.5 views

CVE-2023-38019

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 260575...

6.5CVSS5.9AI score0.01019EPSS
Exploits0References2
OSV
OSV
added 2024/01/19 2:15 p.m.9 views

CVE-2023-51948

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application...

7.5CVSS5.8AI score0.00714EPSS
Exploits1References2
OSV
OSV
added 2024/01/03 2:15 p.m.7 views

CVE-2023-37607

Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter...

7.5CVSS5.8AI score0.01374EPSS
Exploits4References4
OSV
OSV
added 2023/12/18 3:15 p.m.5 views

CVE-2023-46177

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536...

7.5CVSS5.9AI score0.01338EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/10 12:0 a.m.3 views

JFinalCMS Security Vulnerability

JFinalCMS is a content management system by heyewei personal developer. A security vulnerability exists in JFinalCMS version 5.0.0 that allows remote attackers to traverse directories and read files via the /common/down/file fileKey parameter...

7.5CVSS6.8AI score0.01213EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2023/11/26 12:0 a.m.3 views

VulnCheck KEV: CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

9.1CVSS7.3AI score0.22292EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.8 views

PT-2023-26965 · Softing · Softing Secure Integration Server

Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server affected versions not specified Description: This issue allows remote attackers to create directories on affected installations, despite requiring authentication to exploit. The flaw exists within the handlin...

8.8CVSS7AI score0.01252EPSS
Exploits0References4
OSV
OSV
added 2023/07/31 1:15 a.m.6 views

CVE-2023-35016

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 257772...

6.5CVSS5.9AI score0.00946EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/06/15 3:23 p.m.3 views

CXF: directory listing / code exfiltration

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...

7.5CVSS6.9AI score0.01193EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/06/01 12:0 a.m.6 views

CVE-2023-27639

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter filename in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to...

7.5AI score0.03551EPSS
Exploits1References1
OSV
OSV
added 2023/04/17 11:5 a.m.3 views

OESA-2023-1233 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.CVE-2023-0225 The Samb...

5.9CVSS6.7AI score0.00719EPSS
Exploits0References3
Rows per page
Query Builder