890 matches found
CVE-2023-29919
SolarView Compact = 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted...
Directory traversal
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
CVE-2023-31179
AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request...
GHSA-HG77-VX9V-F49X Path Traversal in Asset "import from server" option
Impact: An authenticated attacker can abuse import-server-files with a path traversal to download an arbitrary file from the server. An arbitrary file read vulnerability allows an attacker to read files on the server that they should not have access to, potentially including sensitive files such as...
DEBIAN-CVE-2021-23166
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server...
DEBIAN-CVE-2021-44476
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files...
UBUNTU-CVE-2021-23166
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server...
PT-2023-12548 · Odoo · Odoo Community +1
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier; Odoo Enterprise versions 15.0 and earlier. Description: A sandboxing issue allows authenticated administrators to read local files on the server, including sensitive configuration files. Recommendations...
PT-2023-12043 · Odoo · Odoo Community +1
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier; Odoo Enterprise versions 15.0 and earlier. Description: A sandboxing issue allows authenticated administrators to read and write local files on the server. Recommendations: For Odoo Community versions...
ManageEngine AMP 4.3.0 - File-path-traversal
Exploit Title: ManageEngine Access Manager Plus 4.3.0 - File-path-traversal Author: nu11secur1ty Date: 11.22.2023 Vendor: https://www.manageengine.com/ Software: https://www.manageengine.com/privileged-session-management/download.html Reference:...
Path Traversal
flarum/core and flarum/framework are vulnerable to Path Traversal. The vulnerability exists because the whenSettingsSaving function in ValidateCustomLess.php does not properly restrict the custom LESS setting, which allows an attacker to access files outside the expected directory and read sensiti...
CVE-2023-27577 Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files in flarum
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...
CVE-2023-1288
An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server...
PT-2023-36349 · Unknown · @Graphql-Mesh/Http +1
Name of the Vulnerable Software and Affected Versions: @graphql-mesh/cli versions prior to 0.82.21; @graphql-mesh/http versions prior to 0.3.18. Description: A missing check vulnerability in the static file handler allows any client to access files in the server's file system. When staticFiles is s...
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version...
USN-5835-1 cinder vulnerability
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information...
CVE-2023-0284
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected...
Checkmk Input Validation Error Vulnerability
Checkmk is an editor. Checkmk has a security vulnerability that stems from its incorrect input validation of LDAP user ids allowing an attacker who has control over the LDAP user id to manipulate files on the server. The following versions are affected: 2.1.0p19 and earlier, 2.0.0p32 and earlier,...
CVE-2023-0284 Improper validation of LDAP user IDs
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected...
PT-2023-16142 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 and earlier; Checkmk versions 2.0.0 through 2.0.0p32; Checkmk versions 2.1.0 through 2.1.0p19. Description: The issue is related to improper input validation of LDAP user IDs, allowing attackers who can control these IDs t...