128 matches found
Directory traversal
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow...
Dreamer CMS Security Vulnerability
Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS versions prior to 4.0.1, which stems from a directory traversal vulnerability. An attacker can exploit this vulnerability to modify template files or...
Artica Pandora FMS Security Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS versions 700 to 773, which arises from improper system privilege...
PT-2023-32476 · H2O · H2O
Name of the Vulnerable Software and Affected Versions: H2O affected versions not specified Description: The issue is related to a stored XSS vulnerability that can lead to a Local File Include attack. This allows an attacker to potentially execute malicious scripts or access sensitive files on th...
CVE-2023-4019
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases...
CVE-2023-30507 Authenticated Remote Path Traversal in Aruba EdgeConnect Enterprise Command Line Interface
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files...
CVE-2022-3146
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information...
PT-2022-27175 · Unknown · Html2Xhtml
Name of the Vulnerable Software and Affected Versions: html2xhtml version 1.3 Description: The issue is related to an Out-Of-Bounds read in the elm close function at procesador.c. This allows attackers to access sensitive files or cause a Denial of Service DoS via a crafted html file...
CVE-2022-44311
html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elmclosetreenodet nodo at procesador.c. This vulnerability allows attackers to access sensitive files or cause a Denial of Service DoS via a crafted html file...
PT-2022-24888 · Unknown · Gin-Vue-Admin
Name of the Vulnerable Software and Affected Versions: Gin-vue-admin versions prior to 2.5.4 Description: The issue concerns an arbitrary file read due to insufficient validation of the fileMd5 and fileName parameters in the file upload functionality. This allows unauthorized access to files. The...
GHSA-9Q87-22GR-R8QF WildFly has incomplete blacklist vulnerability
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly formerly JBoss Application Server before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the 1 WEB-INF or 2 META-INF directory via a request that contains a lowercase or b...
WildFly has incomplete blacklist vulnerability
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly formerly JBoss Application Server before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the 1 WEB-INF or 2 META-INF directory via a request that contains a lowercase or b...
CVE-2022-22391
IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. IBM X-Force ID: 222059...
VISAM VBASE Editor
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Improper Access Control, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Using Components with Known Vulnerabilities 2. RISK...
D-LINK DIR-3040 Zebra IP routing manager information disclosure vulnerability
Summary An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. Test...
Design/Logic Flaw
The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed external entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type:...
Advantech iView path traversal vulnerability (CNVD-2021-13241)
Advantech iView is a device management application for the energy, water and wastewater industries. A path traversal vulnerability exists in versions prior to Advantech iView 5.7.03.6112. An attacker can exploit this vulnerability to read sensitive files...
Apache Flink 路径遍历漏洞
Apache Flink is an efficient and distributed general purpose data processing platform. Apache Flink products have an arbitrary file write vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability ...
Directory Traversal
Overview rollup-plugin-serve-favicon is a rollup plugin to serve bundles. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation. PoC by JHU System Security Lab Step 1: start a server var server = require"rollup-plugin-serve";...
Path Traversal
Overview Versions of sapper prior to 0.27.11 are vulnerable to Path Traversal. It is possible to access sensitive files on the server through HTTP requests containing URL-encoded ../. You may test a sapper application running in prod mode with curl -vvv...