
180 matches found

Prion
added 2023/10/19 2:15 p.m. · 20 views

Path traversal

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach...

CVSS 4 · AI score 6.3 · EPSS 0.01493
Exploits: 0 · References: 4 · Affected Software: 2

OSV
added 2023/04/11 10:15 a.m. · 1 views

CVE-2023-28828

A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem...

CVSS 5.9 · AI score 6.2
Exploits: 0 · References: 1

Cvelist
added 2023/04/11 9:3 a.m. · 22 views

CVE-2023-28828

A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem...

CVSS 5.9 · AI score 5.9 · EPSS 0.0059
Exploits: 0 · References: 1

CVE
added 2023/04/11 9:3 a.m. · 38 views

CVE-2023-28828

CVE-2023-28828 is an XXE vulnerability in Polarion ALM affecting all versions prior to V22R2 (and referenced in related advisories for V2304.0). The root cause is improper restriction of XML External Entity references, enabling an attacker to view files on the application server filesystem. Impac...

CVSS 7.5 · AI score 5.6 · EPSS 0.0059
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/02/16 12:0 a.m. · 8 views

CVE-2022-38731

Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. Only images are displayed to the attacker. All other files are loaded but not displaye...

AI score 4.8 · EPSS 0.00729
Exploits: 0 · References: 2

OSV
added 2023/02/14 8:15 p.m. · 5 views

CVE-2023-22629

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem...

CVSS 8.8 · AI score 5.8 · EPSS 0.12322
Exploits: 4 · References: 4

OSV
added 2023/01/31 3:15 p.m. · 5 views

CVE-2022-46835

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...

CVSS 7.5 · AI score 5.9 · EPSS 0.00935
Exploits: 0 · References: 1

OpenVAS
added 2022/12/15 12:0 a.m. · 15 views

Apache Atlas 0.8.4 - 2.2.0 Path Traversal Vulnerability

Apache Atlas is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:atlas"; if...

CVSS 8.8 · AI score 8.7 · EPSS 0.01384
Exploits: 0 · References: 2

OSV
added 2022/12/14 9:30 a.m. · 19 views

GHSA-P782-4J23-XQCG Apache Atlas: zip path traversal in import functionality

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...

CVSS 8.8 · AI score 8.5 · EPSS 0.01384
Exploits: 0 · References: 5

NVD
added 2022/12/14 9:15 a.m. · 34 views

CVE-2022-34271

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...

CVSS 8.8 · EPSS 0.01384
Exploits: 0 · References: 1

CVE
added 2022/12/14 8:35 a.m. · 96 views

CVE-2022-34271

CVE-2022-34271 is a path traversal vulnerability in Apache Atlas in the import module. It affects versions 0.8.4 through 2.2.0 and allows an authenticated user to write to the web server filesystem due to improper input validation in the import functionality. Exploitation status or in-the-wild de...

CVSS 8.8 · AI score 8.6 · EPSS 0.01384
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/09/22 12:0 a.m. · 3 views

PT-2022-6159 · Dell · Dell Geodrive

Name of the Vulnerable Software and Affected Versions: Dell GeoDrive versions 1.0 through 2.2 Description: The issue concerns a Path Traversal Vulnerability in the reporting function of Dell GeoDrive. This vulnerability could allow a local, low-privileged attacker to gain unauthorized delete acce...

CVSS 7.1 · AI score 6.8 · EPSS 0.00192
Exploits: 0 · References: 4

NVD
added 2022/08/10 5:15 p.m. · 25 views

CVE-2022-34365

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS 6.5 · EPSS 0.00701
Exploits: 0 · References: 1

Prion
added 2022/08/10 5:15 p.m. · 19 views

Path traversal

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS 4 · AI score 6.2 · EPSS 0.00701
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/06/24 5:0 p.m. · 19 views

CVE-2022-29097

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS 4.9 · AI score 5.7 · EPSS 0.01209
Exploits: 0 · References: 1

NVD
added 2022/04/21 9:15 p.m. · 14 views

CVE-2022-24424

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web...

CVSS 7.5 · EPSS 0.01575
Exploits: 0 · References: 1

NVD
added 2022/03/05 12:15 a.m. · 26 views

CVE-2022-25312

An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's...

CVSS 9.1 · EPSS 0.02814
Exploits: 0 · References: 2

NVD
added 2022/01/11 8:15 p.m. · 24 views

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

CVSS 6.8 · EPSS 0.01465
Exploits: 0 · References: 3

Prion
added 2022/01/11 8:15 p.m. · 17 views

Unrestricted file upload

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

CVSS 6.8 · AI score 6.3 · EPSS 0.01465
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2022/01/11 7:19 p.m. · 27 views

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

AI score 6.5 · EPSS 0.01465
Exploits: 0 · References: 3