
369 matches found

RedhatCVE
added 2025/02/09 1:20 a.m. · 3 views

CVE-2025-1086

A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to th...

6.9 CVSS · 6.8 AI score · 0.00748 EPSS
Exploits: 0 · References: 1

OSV
added 2024/10/29 9:30 a.m. · 14 views

GHSA-762G-9P7F-MRWW Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

5.1 CVSS · 4.8 AI score · 0.00149 EPSS
Exploits: 0 · References: 4

Cvelist
added 2024/10/24 7:47 a.m. · 30 views

CVE-2024-6049 Unauthenticated Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

0.04325 EPSS
Exploits: 1 · References: 2

Hacker One
added 2024/10/12 7:9 a.m. · 5 views

Nextcloud: Exposing debug.log file leads to server full path disclosure

The debug.log file on the nextcloud.com website was publicly accessible and contained sensitive information, including the server's full directory path. This type of information disclosure could have assisted attackers in understanding the internal structure of the server...

6.3 AI score
Exploits: 0

CNNVD
added 2024/09/26 12:0 a.m. · 4 views

Agnaistic Security Vulnerability

Agnaistic is a chatbot from Agnaistic Open Source. A security vulnerability exists in Agnaistic version 1.0.330 and earlier versions. An attacker can exploit the vulnerability to upload arbitrary files to any location on the server...

8.8 CVSS · 6.7 AI score · 0.00763 EPSS
Exploits: 0 · References: 2

CVE
added 2024/08/17 8:54 a.m. · 177 views

CVE-2024-42271

CVE-2024-42271 affects the Linux kernel’s IUCV subsystem. The issue is a use-after-free in iucv_sock_close() and iucv_sever_path() caused by a race on severing the path, with iucv_path_sever being called from both process and bh contexts. Without atomic compare-and-swap, a window may exist where ...

7.8 CVSS · 6.7 AI score · 0.00235 EPSS
Exploits: 0 · References: 9 · Affected Software: 1

OSV
added 2024/08/15 2:15 p.m. · 2 views

CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...

5.5 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits: 1 · References: 2

CNNVD
added 2024/08/15 12:0 a.m. · 2 views

Super easy enterprise management system Security Vulnerability

Super easy enterprise management system is a comprehensive enterprise management software designed to help organizations improve their operational efficiency and management level. A security vulnerability exists in Super easy enterprise management system version v.1.0.0, which can be exploited to...

5.5 CVSS · 6.7 AI score · 0.00301 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2024/08/15 12:0 a.m. · 3 views

PT-2024-30106 · Unknown · Super Easy Enterprise Management System

Name of the Vulnerable Software and Affected Versions: Super easy enterprise management system versions 1.0.0 and earlier Description: An issue in the system allows a local attacker to obtain the server absolute path by entering a single quotation mark. This can be exploited to gain sensitive...

5.5 CVSS · 6.8 AI score · 0.00301 EPSS
Exploits: 1 · References: 9

Veracode
added 2024/08/13 8:16 a.m. · 8 views

Path Traversal

typo3/cms is vulnerable to Path Traversal. The vulnerability is caused due to a missing path validation while accessing the PHP scripts for testing purposes. This can lead to disclosure of the absolute server path to the TYPO3 installation...

7 AI score
Exploits: 0

OSV
added 2024/07/24 7:15 a.m. · 1 views

CVE-2024-6553

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to...

5.3 CVSS · 5.8 AI score · 0.00373 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. · 28 views

RHEL 7 : jetty (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty: Timing channel attack in util/security/Password.java CVE-2017-9735 - jetty: full server path...

7.5 CVSS · 7.4 AI score · 0.05795 EPSS
Exploits: 1 · References: 3

OSV
added 2024/05/30 9:16 p.m. · 10 views

GHSA-PQFV-97HJ-G97G TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure

It has been discovered that calling a PHP script which is delivered with TYPO3 for testing purposes discloses the absolute server path to the TYPO3 installation...

5.3 CVSS · 7.1 AI score
Exploits: 0 · References: 5

Github Security Blog
added 2024/05/30 9:16 p.m. · 12 views

TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure

It has been discovered that calling a PHP script which is delivered with TYPO3 for testing purposes discloses the absolute server path to the TYPO3 installation...

7.1 AI score
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-40408 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: An issue has been found where calling a PHP script, delivered with TYPO3 for testing purposes, reveals the absolute server path to the TYPO3 installation. Recommendations: At the moment, there...

5.3 CVSS · 7 AI score
Exploits: 0 · References: 6

OSV
added 2024/05/08 5:15 p.m. · 1 views

CVE-2024-25533

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...

9.4 CVSS · 6 AI score
Exploits: 0 · References: 1

OSV
added 2024/02/21 3:15 p.m. · 1 views

CVE-2023-50955

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777...

2.7 CVSS · 5.8 AI score · 0.00595 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/02/21 12:0 a.m. · 2 views

IBM InfoSphere Information Server Security Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that originate...

2.7 CVSS · 6.2 AI score · 0.00595 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2024/02/21 12:0 a.m. · 3 views

PT-2024-14026 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows an authenticated privileged user to obtain the absolute path of the web server installation, which could aid in further attacks against the system. Recommendations:...

2.7 CVSS · 6.4 AI score · 0.00595 EPSS
Exploits: 0 · References: 6

CNNVD
added 2024/01/29 12:0 a.m. · 4 views

Thruk Path Traversal Vulnerability

Thruk is an open source multi-backend monitoring web interface from the individual developer Sven Nierlein in Germany. A path traversal vulnerability exists in versions prior to Thruk 3.12, which stems from a vulnerability that allows an attacker to arbitrarily upload files to any path on the...

9.8 CVSS · 6.9 AI score · 0.01436 EPSS
Exploits: 1 · References: 3