93 matches found
GHSA-3R3J-4VRW-884J files-bucket-server vulnerable to Directory Traversal
All versions of the package files-bucket-server are vulnerable to Directory Traversal, where an attacker can traverse the file system and access files outside of the intended directory...
CVE-2025-49656 Apache Jena: Administrative users can create files outside the server directory space via the admin UI
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...
CVE-2025-0573
CVE-2025-0573 concerns the Sante PACS Server, where the vulnerability lies in the DCM file parsing that fails to validate a user-supplied path before file operations. This directory traversal can allow an unauthenticated, remote attacker to write arbitrary files on the server, running with the cu...
PT-2024-41081 · Spring · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework affected versions not specified Description: The issue is related to the org.springframework.web.multipart package of the Spring Web module in the Spring Framework, which is associated with incorrect restriction of the path...
CVE-2024-48071
E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service...
The vulnerability of the OPC server WorkstationST, related to incorrect restrictions on the path name to the directory, allows a hacker to gain access to the server’s directory.
The vulnerability of the OPC server WorkstationST is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the server’s directory...
CVE-2023-40051
This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...
CVE-2023-40051
This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...
PT-2024-12836 · Progress · Progress Application Server (Pas) For Openedge
Name of the Vulnerable Software and Affected Versions: Progress Application Server PAS for OpenEdge versions 11.7 prior to 11.7.18 Progress Application Server PAS for OpenEdge versions 12.2 prior to 12.2.13 Progress Application Server PAS for OpenEdge innovation releases prior to 12.8.0...
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
Description The plugin does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...
Emoncms 安全漏洞
Emoncms is an open source web application. The program is primarily used to process, record and display energy, temperature and other environmental data. A security vulnerability exists in Emoncms v11 and earlier versions, which stems from the presence of an information disclosure vulnerability...
TIBCO Software EBX 路径遍历漏洞
TIBCO Software EBX is a software from TIBCO Software, Inc. that supports integration to manage enterprise data assets. A security vulnerability exists in TIBCO Software EBX version 4.5.16 and prior versions that could allow an attacker to upload files to a directory accessible from a web server...
CVE-2023-29268
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...
CVE-2023-29268 TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...
PT-2023-3159 · Tibco Software · Tibco Spotfire Statistics Services
Name of the Vulnerable Software and Affected Versions: TIBCO Spotfire Statistics Services versions 11.4.10 and below TIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.1.0, 12.2.0 Description: The Splus Server component o...
TIBCO Software Spotfire Statistics Services 代码问题漏洞
TIBCO Software Spotfire Statistics Services is a comprehensive library of statistics and data algorithms based on the TERR engine or other engines from TIBCO Software, USA. A security vulnerability exists in TIBCO Software Spotfire Statistics Services, which originates in the Splus Server compone...
CVE-2023-25579 Directory traversal in Nextcloud server
Nextcloud server is a self hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow to creation of paths outside of ones own...
GHSA-VP56-R7QV-783V ahh vulnerable to Path Traversal
Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
CVE-2022-37422
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded...
CVE-2022-35404
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine...