266 matches found
PT-2025-16194 · Crushftp · Crushftp
Name of the Vulnerable Software and Affected Versions: CrushFTP versions 9.x through 11.3.1 Description: The issue allows directory traversal via the "/WebInterface/function/" URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions. An attacker can send...
Linux Distros Unpatched Vulnerability : CVE-2016-6794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0....
CVE-2024-11215
Absolute path traversal incorrect restriction of a path to a restricted directory vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only...
CVE-2024-11215 Path traversal vulnerability in EasyPHP
Absolute path traversal incorrect restriction of a path to a restricted directory vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only...
CVE-2024-8941 Path Traversal vulnerability on Scriptcase
Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nmeditphpedit.php in the “subpage” parameter, which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a...
ManageEngine SecurityManager Plus 5.5 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine SecurityManager Plus 5.5 Directory Traversal', 'Description' = %q This module exploits a directory traversal flaw found in...
Apache Tomcat 8.0.0-RC1 < 8.0.27
The version of Tomcat installed on the remote host is prior to 8.0.27. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.0.27_security-8 advisory. - Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, an...
Apache Tomcat 9.0.0.M1 < 9.0.0.M18
The version of Tomcat installed on the remote host is prior to 9.0.0.M18. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.0.m18_security-9 advisory. - While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat...
Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.5_and_8.0.37_security-8 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...
Apache Tomcat 9.0.0.M1 < 9.0.0.M10 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.0.m10_security-9 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...
Apache Tomcat 7.0.0 < 7.0.72 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.72. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.72_security-7 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC...
Apache Tomcat 8.5.0 < 8.5.12
The version of Tomcat installed on the remote host is prior to 8.5.12. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.12_security-8 advisory. - While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M...
Sandbox Escape
Artemis Java Test Sandbox is vulnerable to Sandbox Escape. The vulnerability is caused due to missing checkLinkString override in the SecurityManager. This allows an attacker to load untrusted libraries and execute arbitrary Java code within the context of the application...
Sandbox Escape
de.tum.in.ase, artemis-java-test-sandbox is vulnerable to Sandbox Escape. The vulnerability is due to allowing users to create whitelisted class packages in the SecurityManager. An attacker can exploit this to include class files in a package that Ares trusts leading to arbitrary Java code...
CVE-2023-4593
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file...
Path traversal
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file...
CVE-2023-4593
CVE-2023-4593 describes a path traversal vulnerability in BVRP Software SLmail. An authenticated remote user could bypass restrictions and enumerate files/directories outside the web root by manipulating the dodoc parameter in the /MailAdmin_dll.htm (MailAdmin dll.htm) entry, potentially exposing...
CVE-2023-4593 Path Traversal in BVRP Software SLmail
Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file...