
20 matches found

Positive Technologies
added 2026/05/27 12:0 a.m. | 10 views

PT-2026-43567

Name of the Vulnerable Software and Affected Versions: BOSH Director versions prior to 282.1.12. Description: The AgentClienthandle method processes NATS replies and invokes inject compile log for every response, which reads the compile log id from response'value''result''compile log id' and passes ...

CVSS 6.8 | AI score 5.5 | EPSS 0.00083
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/29 11:45 p.m. | 3 views

CVE-2026-7445 ZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversal

A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote...

CVSS 6.5 | AI score 6 | EPSS 0.00294
Exploits: 0 | References: 6

Cvelist
added 2026/04/29 11:45 p.m. | 28 views

CVE-2026-7445 ZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversal

A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote...

CVSS 6.5 | EPSS 0.00294
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/09 10:57 a.m. | 5 views

CVE-2022-38130

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify a UNC path for the database file i.e., \\sms,...

CVSS 9.8 | AI score 7.1 | EPSS 0.53389
Exploits: 0 | References: 1

BDU FSTEC
added 2023/05/19 12:0 a.m. | 4 views

The vulnerability of the getLocalePrefix function in ResourceManager.java of the Eclipse Mojarra library, as an implementation of EE4J Eclipse for the Jakarta Faces specification, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the getLocalePrefix function in the ResourceManager.java file of the Eclipse Mojarra library, as an implementation of EE4J Eclipse for the Jakarta Faces specification, is related to an incorrect restriction on the path name to the restricted directory. Exploiting this...

CVSS 7.8 | AI score 7.2 | EPSS 0.04425
Exploits: 0 | References: 5 | Affected Software: 4

Openbugbounty
added 2022/08/15 8:12 p.m. | 15 views

medicine.jnu.ac.kr Cross Site Scripting vulnerability OBB-2849763

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

CVE
added 2022/08/10 4:5 p.m. | 64 views

CVE-2022-38130

CVE-2022-38130 affects Keysight SMS (com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip). An unauthenticated, remote attacker can supply a UNC path to a zipped HSQLDB database, causing the database content to be restored and potentially enabling remote code execution as described...

CVSS 9.8 | AI score 9.4 | EPSS 0.53389
In wild | Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2022/05/14 2:59 a.m. | 43 views

Path Traversal in Eclipse Mojarra

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...

CVSS 7.5 | AI score 5.1 | EPSS 0.04425
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
added 2020/05/11 8:19 p.m. | 1 views

mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications...

CVSS 7.5 | AI score 7.4 | EPSS 0.04425
Exploits: 0 | References: 4

Fedora
added 2019/05/04 1:17 a.m. | 28 views

[SECURITY] Fedora 28 Update: pacemaker-1.1.18-3.fc28

Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when...

CVSS 8.8 | AI score 0.5 | EPSS 0.01962
Exploits: 0

Check Point Advisories
added 2018/10/07 12:0 a.m. | 1 views

Hadoop YARN ResourceManager Remote Command Execution

An unauthenticated command execution vulnerability exists in Apache Hadoop. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. A successful attack could lead to a remote command execution...

AI score 2.7
Exploits: 0

Tenable Nessus
added 2018/09/20 12:0 a.m. | 897 views

Apache Hadoop YARN ResourceManager Unauthenticated RCE (Remote) (Xbash)

The Apache Hadoop YARN ResourceManager running on the remote host is allowing unauthenticated users to create and execute applications. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to potentially execute arbitrary code, subject to the user privileges...

AI score 6
Exploits: 0 | References: 1

Tenable Nessus
added 2018/09/20 12:0 a.m. | 54 views

Apache Hadoop YARN ResourceManager Web Interface

The web interface for Hadoop YARN ResourceManager was detected on the remote host. This interface can be used to monitor and assign resources for application execution. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid117616; scriptversion"1.4";...

AI score 5.5
Exploits: 0 | References: 1

Veracode
added 2018/07/26 3:21 a.m. | 37 views

Directory Traversal

JavaServer Faces is vulnerable to directory traversal. A malicious user can access arbitrary files through loc parameters in the function ResourceManager.java:getLocalePrefix...

CVSS 7.5 | AI score 8.4 | EPSS 0.04425
Exploits: 0 | References: 3 | Affected Software: 57

Saint
added 2018/07/20 12:0 a.m. | 551 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018. Background: Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN (Yet Another Resource Negotiator) is the component of Apache Hadoop which manages resources. Problem: A vulnerability in the REST API in the YARN...

AI score 8.2
Exploits: 0

Saint
added 2018/07/20 12:0 a.m. | 538 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018. Background: Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN (Yet Another Resource Negotiator) is the component of Apache Hadoop which manages resources. Problem: A vulnerability in the REST API in the YARN...

AI score 5.2
Exploits: 0

Saint
added 2018/07/20 12:0 a.m. | 24 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018. Background: Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN (Yet Another Resource Negotiator) is the component of Apache Hadoop which manages resources. Problem: A vulnerability in the REST API in the YARN...

AI score 8.2
Exploits: 0

0day.today
added 2018/07/13 12:0 a.m. | 28 views

Apache #Hadoop YARN ResourceManager Unauthenticated Command Execution Exploit

This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hadoop YARN...

AI score 0.4
Exploits: 0

Metasploit
added 2018/05/15 7:47 a.m. | 48 views

Hadoop YARN ResourceManager Unauthenticated Command Execution

This module uses Hadoop's standard ResourceManager REST API to execute arbitrary commands on an unsecured Hadoop server. Hadoop administrators should enable Kerberos authentication for these endpoints by changing the 'hadoop.security.authentication' setting in 'core-site.xml' from 'simple' the...

AI score 1.2
Exploits: 0

Cvelist
added 2017/09/19 7:0 p.m. | 20 views

CVE-2015-4684

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary fil...

AI score 6.7 | EPSS 0.04926
Exploits: 5 | References: 6