Lucene search

179 matches found

Tenable Nessus
added 2021/09/12 12:0 a.m. (27 views)

Debian DLA-2754-1 : pywps - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2754 advisory. DLA text goes here For Debian 9 stretch, this problem has been fixed in version 4.0.0-3+deb9u1. We recommend that you upgrade your pywps packages. For the detailed security...

CVSS 7.5, AI score 7.2, EPSS 0.01524
Exploits 0, References 5

OSV
added 2021/09/11 11:15 a.m. (15 views)

CVE-2021-38555

An XML external entity XXE injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of...

CVSS 9.1, AI score 9.2
Exploits 0, References 1

Prion
added 2021/09/11 11:15 a.m. (19 views)

Xxe

An XML external entity XXE injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of...

CVSS 6.4, AI score 9.1, EPSS 0.02664
Exploits 0, References 1, Affected Software 1

Veracode
added 2021/08/24 3:36 a.m. (17 views)

XML External Entity (XXE) Injection

pywps is vulnerable to XML External Entity XXE Injection. An attacker is able to view files on the application server filesystem as the lxml default parser allows assigning a path to the entity...

CVSS 7.5, AI score 5.3, EPSS 0.01524
Exploits 0, References 4, Affected Software 2

OSV
added 2021/08/23 1:15 a.m. (18 views)

CVE-2021-39371

An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...

CVSS 7.5, AI score 6.8
Exploits 0, References 3

NVD
added 2021/08/23 1:15 a.m. (15 views)

CVE-2021-39371

An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...

CVSS 7.5, EPSS 0.01524
Exploits 0, References 3

UbuntuCve
added 2021/08/23 1:15 a.m. (27 views)

CVE-2021-39371

An XML external entity XXE injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...

CVSS 7.5, AI score 7.1, EPSS 0.01524
Exploits 0, References 3

Prion
added 2021/08/03 6:15 p.m. (11 views)

Directory traversal

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal...

CVSS 4, AI score 6.5, EPSS 0.01181
Exploits 0, References 1, Affected Software 1

CNNVD
added 2021/04/26 12:0 a.m. (3 views)

HedgeDoc Path Traversal Vulnerability

HedgeDoc is a Javascript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A path traversal vulnerability exists in HedgeDoc, which allows an attacker to read an arbitrary .md file from the server's filesystem to perform relative path traversal...

CVSS 5.8, AI score 6.1, EPSS 0.01599
Exploits 1, References 3

OSV
added 2021/03/31 10:15 p.m. (3 views)

CVE-2021-27220

An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server...

CVSS 5.3, AI score 6.1
Exploits 0, References 1

OSV
added 2021/01/14 9:15 p.m. (4 views)

CVE-2020-29494

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files...

CVSS 8.7, AI score 7.4, EPSS 0.0168
Exploits 0, References 1

Prion
added 2020/03/23 8:15 p.m. (16 views)

Code injection

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists in Andover Continuum All versions, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...

CVSS 7.5, AI score 9.2, EPSS 0.01498
Exploits 0, References 1

OSV
added 2020/01/21 4:15 p.m. (4 views)

CVE-2019-14766

Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...

CVSS 6.5, AI score 6.6
Exploits 0, References 2

Prion
added 2020/01/21 4:15 p.m. (11 views)

Path traversal

Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...

CVSS 4, AI score 6.3, EPSS 0.01059
Exploits 0, References 2, Affected Software 1

Metasploit
added 2019/01/19 1:45 p.m. (53 views)

SAP Management Console List Config Files

This module attempts to list the config files through the SAP Management Console SOAP Interface. Returns a list of config files found in the SAP configuration with its absolute paths inside the server filesystem. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 7.2
Exploits 0

CNVD
added 2018/12/04 12:0 a.m. (1 views)

Unspecified Vulnerability in Schneider Electric StruxureWare Data Center Operation

Schneider Electric StruxureWare Data Center Operation is a suite of data center operations software from Schneider Electric, France. The software provides an instant overview of data center operations through inventory management, PUE calculations, real-time equipment alerts and location-based...

CVSS 8.8, AI score 7.1, EPSS 0.01253
Exploits 0, References 1

Debian
added 2018/07/24 8:53 p.m. (25 views)

[SECURITY] [DLA 1441-1] sympa security update

Package : sympa Version : 6.1.23dfsg-2+deb8u2 CVE ID : CVE-2018-1000550 A vulnerability has been discovered in Sympa, a modern mailing list manager, that allows write access to files on the server filesystem. This flaw allows to create or modify any file writable by the Sympa user, located on the...

CVSS 9.8, AI score 8.7, EPSS 0.02576
Exploits 0

OSV
added 2018/07/03 5:29 p.m. (2 views)

CVE-2018-11051

RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the applicati...

CVSS 7.5, AI score 5.8, EPSS 0.02638
Exploits 0, References 3

Cvelist
added 2018/07/03 5:0 p.m. (21 views)

CVE-2018-11051 RSA Certificate Manager Path Traversal Vulnerability

RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the applicati...

CVSS 7.5, AI score 7.6, EPSS 0.02638
Exploits 0, References 3

Prion
added 2018/06/26 4:29 p.m. (16 views)

Directory traversal

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This...

CVSS 7.5, AI score 9.4, EPSS 0.02576
Exploits 0, References 4, Affected Software 2