Path traversal
A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach...
CVE-2023-28828
A vulnerability has been identified in Polarion ALM All versions V22R2. The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem...
CVE-2023-28828
CVE-2023-28828 is an XXE vulnerability in Polarion ALM affecting all versions prior to V22R2 (and referenced in related advisories for V2304.0). The root cause is improper restriction of XML External Entity references, enabling an attacker to view files on the application server filesystem. Impac...
CVE-2022-38731
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. Only images are displayed to the attacker. All other files are loaded but not displaye...
CVE-2023-22629
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem...
CVE-2022-46835
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...
Apache Atlas 0.8.4 - 2.2.0 Path Traversal Vulnerability
Apache Atlas is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:atlas"; if...
GHSA-P782-4J23-XQCG Apache Atlas: zip path traversal in import functionality
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...
CVE-2022-34271
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...
CVE-2022-34271
CVE-2022-34271 is a path traversal vulnerability in Apache Atlas in the import module. It affects versions 0.8.4 through 2.2.0 and allows an authenticated user to write to the web server filesystem due to improper input validation in the import functionality. Exploitation status or in-the-wild de...
PT-2022-6159 · Dell · Dell Geodrive
Name of the Vulnerable Software and Affected Versions: Dell GeoDrive versions 1.0 through 2.2 Description: The issue concerns a Path Traversal Vulnerability in the reporting function of Dell GeoDrive. This vulnerability could allow a local, low-privileged attacker to gain unauthorized delete acce...
CVE-2022-34365
WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...
Path traversal
WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...
CVE-2022-29097
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...
CVE-2022-24424
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web...
CVE-2022-25312
An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions 2.7. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's...
CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...
Unrestricted file upload
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...