GHSA-VX5W-CXCH-WWC9 Path Traversal in f-serv
All versions of f-serv are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation No fix is currently available. Consider using an alternative package until a fix is made available...
GHSA-CRF7-FVJX-863Q Path Traversal in zero
Versions of zero prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation Upgrade to version 1.0.6 or later...
Path Traversal in file-static-server
All versions of file-static-server are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation No fix is currently available. Consider using an alternative module until a fix is mad...
Path Traversal in ponse
Versions of ponse prior to 2.0.2 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation Upgrade to version 2.0.2 or later...
CVE-2020-15124 Path traversal in Goobi viewer Core
In Goobi Viewer Core before version 4.8.3, a path traversal vulnerability allows remote attackers to access files on the server via the application. This is limited to files accessible to the application server user, e.g. tomcat, but can potentially lead to the disclosure of sensitive...
Arbitrary File Deletion Vulnerability in MCMS
MCMS is a website building system of MINGFEI TECHNOLOGY CO. MCMS suffers from an arbitrary file deletion vulnerability. An attacker can exploit this vulnerability to delete arbitrary files from the server...
XML External Entity (XXE)
everrest-core is vulnerable to XML external entity (XXE) attacks. External DTDs are not disabled by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server or read system files...
Arbitrary File Deletion Vulnerability in Tongda CMS Blue Bilingual Corporate Website
Tongda CMS is a website management system specialized in building websites for small and medium-sized enterprises (SMEs), developed using PHP+MYSQL. The Tongda CMS blue Chinese-English bilingual enterprise website has an arbitrary file deletion vulnerability that can be exploited by...
File Inclusion Vulnerability in MetInfo v5.0.4 of Changsha Mito Information Technology Co.
MetInfo, the Mito enterprise website building system, is a free and open source enterprise CMS. MetInfo v5.0.4 from Changsha Mito Information Technology Co., Ltd contains a file inclusion vulnerability that can be exploited by attackers to view sensitive server files...
Arbitrary File Deletion Vulnerability in Monstra CMS
Monstra is a modern and lightweight content management system. Monstra CMS suffers from an arbitrary file deletion vulnerability that can be exploited by an attacker to delete files under the server...
Directory Traversal Vulnerability in the Smart Electricity Cloud Platform of Ankorui Electric Co.
The Ankorui Electric Co., Ltd Smart Electricity Cloud Platform is an electrical fire early warning and prevention management system developed in response to the frequent occurrence of electrical fires. A directory traversal vulnerability exists in the Ankorui Electric Company Limited Intelligent Electrici...
Arbitrary File Deletion Vulnerability in Yunye CMS
Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. Yunye CMS has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any file on the server...
Arbitrary File Deletion Vulnerability in Aptar CMS (CNVD-2020-32581)
Aptar CMS website management system is developed with PHP+MYSQL technology and MVC model, with a clear structure and easy-to-maintain code. Aptar CMS has an arbitrary file deletion vulnerability that can be exploited by attackers to delete server files...
Arbitrary File Download Vulnerability in Kaiping Lianke Network Technology Co.
Kaiping Lianke Network, founded in 2005, is a company focused on website construction, website promotion, express software, bathroom ERP management software and WeChat marketing. The website building system of Kaiping City Lianke Network Technology Co., Ltd. has an arbitrary file download vulnerability,...
CVE-2019-20390
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a G...
Arbitrary File Deletion Vulnerability in Haiwell's Cloud Configuration Software Cloud SCADA
Haiwell Cloud SCADA configuration software is an industrial automation monitoring and management platform developed by Xiamen Haiwell Technology Co. Haiwell Cloud SCADA configuration software has an arbitrary file deletion vulnerability, which an attacker can exploit...
SSYCMS UGC Contributor Edition suffers from arbitrary file read vulnerability
SSYCMS is a free and open source commercial content management system. SSYCMS UGC Contributor Edition suffers from an arbitrary file read vulnerability, which can be exploited by an attacker to read arbitrary server files...