29 matches found
CVE-2021-42052
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter...
GHSA-GJFX-9WX3-J6R7 Apache MyFaces Vulnerable to Path Traversal
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces JSF in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. dot dot in the 1 ln parameter to faces/javax.faces.resource/web.xml or 2 the PATHINFO to...
Atlassian Jira授权问题漏洞
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage various types of issues and defects in the workplace. An authorization issue vulnerability exists in Atlassian Jira Server and Data Center, which stems from the product's...
Trend Micro HouseCall for Home Networks 代码问题漏洞
Trend Micro HouseCall for Home Networks is a suite of home network security scanning software from Trend Micro. The software supports scanning a wide range of home network devices and identifying network risks. Trend Micro HouseCall for Home Networks is vulnerable to a code issue that arises when...
Remote Mouse Directory Traversal Vulnerability
Remote Mouse is a remote mouse control software. Remote Mouse suffers from a directory traversal vulnerability that originates when a networked system or product fails to properly filter special elements in a resource or file path. An attacker could exploit the vulnerability to access locations...
CVE-2018-20335
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APPInstallation.asp?= URI...
The vulnerability of the Firefox ESR browser allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability of Firefox ESR lies in the improper restriction on the resource:URL. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code with privileges equivalent to those of Chrome, thereby circumventing access control policies. This can be achieved, fo...
UBUNTU-CVE-2013-4484
Varnish before 3.0.5 allows remote attackers to cause a denial of service child-process crash and temporary caching outage via a GET request with trailing whitespace characters and no URI...
Design/Logic Flaw
The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...