69 matches found
Improper Handling of Case Sensitivity
Overview Flask-Cors is an A Flask extension adding a decorator for CORS support Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the trymatch function. An attacker can access restricted paths and potentially expose sensitive data by exploiting the case...
The vulnerability of the Xerox Workplace Suite print server, related to incorrect path name restrictions for restricted access directories, allows attackers to gain read, modify, or delete access to data.
The vulnerability of the Xerox Workplace Suite print management server is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability can allow a malicious actor to gain read, modify, or delete access to data...
Medium: haproxy
Issue Overview: Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain...
OESA-2024-2548 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...
OESA-2024-2547 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...
OESA-2024-2545 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...
ROS-20241203-03
The HTTP request interpretation vulnerability in HAProxy is related to the ability to access a path that is restricted by an ACL access control list installed on the product. Exploitation of the vulnerability could Allow an attacker acting remotely to obtain sensitive information...
DEBIAN-CVE-2024-53008
Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL Access Control List set on the product. As a result, the attacker may obtain sensitive...
PT-2024-9565 · Veeam · Veeam Backup & Replication
Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation. The issue is related...
The vulnerability of Sonatype Nexus Repository Manager lies in the improper restriction of the path name to the restricted directory. This allows attackers to disclose protected information.
The vulnerability of Sonatype Nexus Repository Manager is related to incorrect restrictions on the path to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
The vulnerability in the Avalanche mobile device management web component allows a hacker to trigger a service failure.
The vulnerability of the Avalanche mobile device management web component is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the DevTools set of tools for web development in the Google Chrome browser allows a hacker to gain access to and modify files.
The vulnerability of the DevTools set of tools for web development in the Google Chrome browser is related to an incorrect path limitation for accessing restricted directories. Exploiting this vulnerability could allow a malicious actor to remotely access and modify files by downloading a special...
Node.js: fs.statfs bypasses Permission Model
A vulnerability was found in Node.js version 20 that allowed malicious actors to bypass the permission model and retrieve file stats using the fs.statfs API, even if they did not have explicit read access to the file...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server’s server lies in the incorrect restriction on the path to the restricted-access catalog, which allows attackers to gain unauthorized access to protected information.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the disclosure of information through registration files. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2022-39034
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...
Path traversal
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files...
PT-2022-24688 · Unknown · Smart Evision
Name of the Vulnerable Software and Affected Versions: Smart eVision affected versions not specified Description: The issue is related to a path traversal vulnerability in the Report API function. This vulnerability is caused by insufficient filtering for special characters in URLs, allowing a...
Dell Container Storage Modules 路径遍历漏洞
Dell Container Storage Modules is a set of modules from Dell, Inc. Dell Container Storage Modules version 1.2 contains a path traversal vulnerability that could be exploited by a remote authenticated attacker with low privileges to cause unintentional access to paths outside of restricted...
django: Potential directory-traversal via Storage.save()
A directory-traversal flaw was found in Django's Storage.save method, where a network attacker could possibly traverse restricted paths using suitably crafted file names...
PT-2022-16164 · Wiki.Js · Wiki.Js
Name of the Vulnerable Software and Affected Versions: Wiki.js affected versions not specified Description: The issue affects Wiki.js, a wiki app built on Node.js, where an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths. This is...