671 matches found
Input validation
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323...
CVE-2022-22373
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323...
PT-2022-15398 · IBM · IBM InfoSphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue is related to improper validation, which may allow the creation of directories and files on the server file system. These files may contain non-sensitive debugging...
DELL Wyse Management Suite Path Traversal Vulnerability
DELL Wyse Management Suite is Dell's hybrid cloud security management solution for Wyse thin client devices, designed to simplify IT management processes and enhance device security. A path traversal vulnerability exists in DELL Wyse Management Suite, which can be exploited by an attacker to gain...
Dell WMS Path Traversal Vulnerability
DELL Wyse Management Suite is Dell's hybrid cloud security management solution for Wyse thin client devices, designed to simplify IT management processes and enhance device security. A path traversal vulnerability exists in DELL Wyse Management Suite, which can be exploited by an attacker to gain...
CVE-2022-32262
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution...
GHSA-C8WJ-Q36Q-3WG4 phpMyAdmin Arbitrary file read vulnerability
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP...
GHSA-5HG8-R9VQ-GJQP Improper Restriction of XML External Entity Reference in Apache FOP
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...
Cambium Networks cnMaestro Path Traversal Vulnerability
Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from a path traversal vulnerability that stems from cnMaestro's susceptibility to an arbitrary file write attack. An attacker...
Siemens Teamcenter Code Issue Vulnerability
Siemens Teamcenter is a product lifecycle management computer software application from Siemens, Germany. Siemens Teamcenter contains a security vulnerability that could be exploited by attackers to view files on the application server file system...
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action available to both unauthenticated and authenticated users before using it in the file_get_contents function and returning its content base64 encoded in the...
CVE-2021-25003
The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE...
Apache Any23 code issue vulnerability
Apache Any23 is a library, Web service, and command-line tool from the Apache Foundation, USA. It can extract structured data in RDF format from a variety of Web documents. Any23 versions prior to 2.7 contain a code issue vulnerability that could be exploited by an attacker to interfere with an...
Apache Any23 Code Issue Vulnerability
Apache Any23 is a library, Web service, and command-line tool from the Apache Foundation, USA. It can extract structured data in RDF format from a variety of Web documents. Any23 versions prior to 2.7 contain a code issue vulnerability that could be exploited by an attacker to interfere with an...
CVE-2021-23195
Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...
Sysaid Technologies SysAid has an unspecified vulnerability
SysAid Technologies SysAid is an IT service management solution from the Israeli company SysAid Technologies. A security vulnerability exists in SysAid ITIL, which could be exploited by an attacker to copy arbitrary files on the server file system to the Web root via the HTTP...
CVE-2022-21863
Windows StateRepository API Server file Elevation of Privilege Vulnerability...
CVE-2021-43566
CVE-2021-43566 affects Samba up to version 4.13.15 (all versions prior to 4.13.16). A malicious client can exploit a race between SMB1 or NFS paths to create a directory in a server filesystem area that is not exported under the share definition. SMB1 must be enabled (or the share accessible via ...
CVE-2021-43566
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for...