890 matches found
GENEREX RCCMD Path Traversal Vulnerability
GENEREX RCCMD is multi-server shutdown software from GENEREX. GENEREX RCCMD suffers from a path traversal vulnerability caused by a directory traversal issue. An attacker could view or alter arbitrary files on the server...
PT-2022-3194 · Siemens · Teamcenter
Name of the Vulnerable Software and Affected Versions: Teamcenter versions prior to V12.4.0.13; Teamcenter versions prior to V13.0.0.9. Description: The issue is related to incorrect restriction of XML links to external objects, which could allow an attacker to conduct XML External Entity (XXE)...
Charm Code Issue Vulnerability
Charm is a set of tools from Charm for quickly building CLI programs. A code issue vulnerability exists in Charm. An attacker could exploit this vulnerability to spoof HTTP requests to manipulate the Charm data directory to access or delete any file on the server...
CVE-2022-26068
This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server...
GHSA-8V5P-2CPV-C2X6 Apache Tomcat Source Code Disclosure
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...
Apache Tomcat Source Code Disclosure
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...
GHSA-JXCV-V856-J5VG Apache Tomcat Source Code Disclosure
The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...
CVE-2021-35250
A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1...
CVE-2022-24424
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web...
CVE-2022-27261
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...
Path Traversal
github.com/argoproj/argo-cd is vulnerable to path traversal. A remote attacker is able to craft an API request to the /api/v1/repositories/repourl/appdetails endpoint to leak the contents from the out-of-bounds files in the repo-server...
PT-2022-6941 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.5.0 through 2.1.10; Argo CD versions 2.2.0 through 2.2.5; Argo CD versions 2.3.0 and earlier, excluding 2.3.0. Description: A path traversal vulnerability in Argo CD allows a malicious user with read/write access to leak...
DELL EMC AppSync Path Traversal Vulnerability
DELL EMC AppSync is a replicated data management software from Dell, Inc. It provides an SLA-driven, simple self-service approach to protecting, recovering and cloning critical Microsoft and Oracle applications and VMware environments. A path traversal vulnerability exists in Dell EMC AppSync,...
DELL EMC AppSync Path Traversal Vulnerability
DELL EMC AppSync is a replicated data management software from Dell, Inc. It provides an SLA-driven, simple self-service approach to protecting, recovering and cloning critical Microsoft and Oracle applications and VMware environments. A path traversal vulnerability exists in Dell EMC AppSync,...
WordPress Plugin Path Traversal Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Simple Download Monitor has a path traversal vulnerability, which can be exploited by an attacker with a rol...
Arbitrary file deletion in Gitea
Description: When a user deletes the LFS data in Gitea, the oid parameter is not validated. The attacker can make an oid whose prefix is .... to traverse directories and delete any files on the server. Proof of Concept: Create a repository on Gitea, e.g. foo/bar. Send a POST request with your Gitea...
CVE-2022-22793
Cybonet - PineApp Mail Relay Local File Inclusion. An attacker can send a request to /manage/mailpolicymtm/log/emlviewer/email.content.body.php?filesystempath=ENCDODED PATH and, by doing that, read local files on the server...
CVE-2022-23810
Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to...