Lucene search
K

372 matches found

NVD
NVD
added 2025/04/28 9:15 p.m.23 views

CVE-2025-0049

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

4.3CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/04/28 8:55 p.m.67 views

CVE-2025-0049

CVE-2025-0049 affects Fortra GoAnywhere before version 7.8.0. The vulnerability stems from an error message returned when a web user without Create permission on subfolders uploads a file to a non-existent directory; the message may expose the absolute server path, which could enable fuzzing for ...

4.3CVSS4.1AI score0.00213EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2025/02/19 9:17 p.m.1481 views

Autodesk: Exposing debug.log file leads to server full path disclosure

Vulnerability description not provided...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/09 1:20 a.m.5 views

CVE-2025-1086

A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to th...

6.9CVSS6.8AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2024/10/29 9:30 a.m.14 views

GHSA-762G-9P7F-MRWW Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

5.1CVSS4.8AI score0.00149EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/24 7:47 a.m.34 views

CVE-2024-6049 Unauthenticated Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

0.04325EPSS
Exploits1References2
Hacker One
Hacker One
added 2024/10/12 7:9 a.m.6 views

Nextcloud: Exposing debug.log file leads to server full path disclosure

The debug.log file on the nextcloud.com website was publicly accessible and contained sensitive information, including the server's full directory path. This type of information disclosure could have assisted attackers in understanding the internal structure of the server...

6.3AI score
Exploits0
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.6 views

Agnaistic 安全漏洞

Agnaistic is a chatbot from Agnaistic Open Source. A security vulnerability exists in Agnaistic version 1.0.330 and earlier versions. An attacker can exploit the vulnerability to upload arbitrary files to any location on the server...

8.8CVSS6.7AI score0.00785EPSS
Exploits0References2
CVE
CVE
added 2024/08/17 8:54 a.m.178 views

CVE-2024-42271

CVE-2024-42271 affects the Linux kernel’s IUCV subsystem. The issue is a use-after-free in iucv_sock_close() and iucv_sever_path() caused by a race on severing the path, with iucv_path_sever being called from both process and bh contexts. Without atomic compare-and-swap, a window may exist where ...

7.8CVSS6.7AI score0.00235EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/08/15 2:15 p.m.4 views

CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...

5.5CVSS5.8AI score0.00301EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/08/15 12:0 a.m.3 views

Super easy enterprise management system 安全漏洞

Super easy enterprise management system is a comprehensive enterprise management software designed to help organizations improve their operational efficiency and management level. A security vulnerability exists in Super easy enterprise management system version v.1.0.0, which can be exploited to...

5.5CVSS6.7AI score0.00301EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.4 views

PT-2024-30106 · Unknown · Super Easy Enterprise Management System

Name of the Vulnerable Software and Affected Versions: Super easy enterprise management system versions 1.0.0 and earlier Description: An issue in the system allows a local attacker to obtain the server absolute path by entering a single quotation mark. This can be exploited to gain sensitive...

5.5CVSS6.8AI score0.00301EPSS
Exploits1References9
Veracode
Veracode
added 2024/08/13 8:16 a.m.11 views

Path Traversal

typo3/cms is vulnerable to Path Traversal. The vulnerability is caused due to a missing path validation while accessing the PHP scripts for testing purposes. This can lead to disclosure of the absolute server path to the TYPO3 installation...

7AI score
Exploits0
OSV
OSV
added 2024/07/24 7:15 a.m.2 views

CVE-2024-6553

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3.This is due to the plugin utilizing wpdesk and leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00373EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.29 views

RHEL 7 : jetty (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty: Timing channel attack in util/security/Password.java CVE-2017-9735 - jetty: full server path...

7.5CVSS7.4AI score0.05795EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/05/30 9:16 p.m.13 views

TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure

It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation...

7.1AI score
Exploits0References5Affected Software1
OSV
OSV
added 2024/05/30 9:16 p.m.11 views

GHSA-PQFV-97HJ-G97G TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure

It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation...

5.3CVSS7.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.4 views

PT-2024-40408 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: A issue has been found where calling a PHP script, delivered with TYPO3 for testing purposes, reveals the absolute server path to the TYPO3 installation. Recommendations: At the moment, there...

5.3CVSS7AI score
Exploits0References6
OSV
OSV
added 2024/05/08 5:15 p.m.3 views

CVE-2024-25533

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...

9.4CVSS6AI score0.0072EPSS
Exploits1References1
OSV
OSV
added 2024/02/21 3:15 p.m.4 views

CVE-2023-50955

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777...

2.7CVSS5.8AI score0.00595EPSS
Exploits0References2
Rows per page
Query Builder