SHIRASAGI Path Traversal Vulnerability
SHIRASAGI is a content management system (CMS) from the Japanese Shirasagi project. A security vulnerability exists in SHIRASAGI versions prior to v1.18.0. An attacker could exploit this vulnerability to execute arbitrary code by changing or creating arbitrary files on the server...
WordPress plugin Orders Tracking for WooCommerce path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A path traversal vulnerability in the...
ZOHO ManageEngine ADManager Plus Path Traversal Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
CVE-2023-25914 Authenticated Path Traversal in Danfoss AK-SM800A
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...
PT-2023-20359 · Danfoss · Ak-Sm800A +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface, potentially leading to a full system compromis...
Danfoss AK-SM800A Path Traversal Vulnerability
Danfoss AK-SM800A is a system manager from Danfoss, Denmark. It provides secure system control and monitoring. A path traversal vulnerability exists in Danfoss AK-SM800A 3.3 and earlier versions, which stems from an improper restriction, and can be exploited by an attacker to retrieve and read system...
Apache Airflow Input Validation Error Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. An information disclosure vulnerability exists in Apache Airflow Spark Provider...
Broadcom RAID Controller Access Control Error Vulnerability
The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation. A security vulnerability exists in the Broadcom RAID Controller that originates from allowing a web server to provide private server files to an unauthenticated attacker...
Apache Airflow Input Validation Error Vulnerability (CNVD-2023-67067)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. An input validation error vulnerability exists in Apache Airflow Drill Provider...
CVE-2023-33365
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server...
PT-2023-26572 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 10.6.7. Description: A path traversal vulnerability exists in the AssetController::importServerFilesAction, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore log parameter. Th...
copyparty vulnerable to reflected cross-site scripting via k304 parameter
Summary: The application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=... Details: A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the application that could allow an attacker to execute malicious JavaScript code by tricking user...
CVE-2023-2268
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users...
CVE-2023-2268
Plane v0.7.1 exposes a high‑confidentiality impact flaw: an unauthenticated attacker can view all stored server files of all users. Affected component is Plane software; root cause details are not explicitly stated beyond the access to stored files. NVD records CVSS‑3.1 base: 7.5 (AV:N/AC:L/PR:N/...
Plane Information Disclosure Vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane version 0.7.1 that stems from allowing an unauthenticated attacker to view all server files stored by all users...
PT-2023-18624 · Plane · Plane
Name of the Vulnerable Software and Affected Versions: Plane version 0.7.1. Description: The issue allows an unauthenticated attacker to view all stored server files of all users. Recommendations: For Plane version 0.7.1, update to a version that contains a fix for this issue, as the current versi...
JVN#97127032: WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal
WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability (CWE-22). Impact: Arbitrary files on the server may be deleted by a remote attacker. Solution: Update the plugin. Update the plugin according to the information provided by the developer...
PT-2023-20543 · Tibco Software · Tibco Ebx Add-Ons
Name of the Vulnerable Software and Affected Versions: TIBCO EBX Add-ons versions 4.5.16 and below. Description: The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an issue that allows an attacker with low-privileged application access to read system files that are accessible...
GitLab Path Traversal Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...