
371 matches found

Positive Technologies
added 2024/02/21 12:00 a.m. · 3 views

PT-2024-14026 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows an authenticated privileged user to obtain the absolute path of the web server installation, which could aid in further attacks against the system. Recommendations:...

CVSS 2.7 · AI score 6.4 · EPSS 0.00595
Exploits 0 · References 6
CNNVD
added 2024/01/29 12:00 a.m. · 4 views

Thruk Path Traversal Vulnerability

Thruk is an open source multi-backend monitoring web interface from the individual developer Sven Nierlein in Germany. A path traversal vulnerability exists in versions prior to Thruk 3.12, which stems from a vulnerability that allows an attacker to arbitrarily upload files to any path on the...

CVSS 9.8 · AI score 6.9 · EPSS 0.01436
Exploits 1 · References 3
BDU FSTEC
added 2023/12/08 12:00 a.m. · 6 views

The vulnerability of the GE Proficy HMI/SCADA iFIX software control system lies in improper code generation, which allows attackers to gain full control over the software.

The vulnerability of the GE Proficy HMI/SCADA iFIX supervisory control software lies in improper code generation. Exploiting this vulnerability can allow an attacker to gain full control over the software by introducing a malicious configuration file into the expected web server execution path...

CVSS 10 · AI score 8 · EPSS 0.00571
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2023/11/28 5:15 p.m. · 6 views

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

CVSS 7.5 · AI score 7.3 · EPSS 0.00948
Exploits 0 · References 2
Vulnrichment
added 2023/11/17 12:52 p.m. · 15 views

CVE-2023-22273 ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...

CVSS 7.2 · AI score 7.1 · EPSS 0.01937
Exploits 0 · References 1
OSV
added 2023/09/05 11:15 p.m. · 6 views

CVE-2023-4487

GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

CVSS 7.8 · AI score 5.9 · EPSS 0.00183
Exploits 0 · References 2
Positive Technologies
added 2023/09/05 12:00 a.m. · 5 views

PT-2023-5230 · Ge · Ge Cimplicity

Name of the Vulnerable Software and Affected Versions: GE CIMPLICITY version 2023 Description: The issue is related to a process control vulnerability in GE CIMPLICITY 2023, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to...

CVSS 7.8 · AI score 7.5 · EPSS 0.00183
Exploits 0 · References 13
RedHat Linux
added 2023/05/16 8:43 a.m. · 3 views

python: open redirection vulnerability in lib/http/server.py may lead to information disclosure

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

CVSS 7.4 · AI score 6.8 · EPSS 0.0199
Exploits 0 · References 4
SUSE CVE
added 2023/04/18 11:27 p.m. · 3 views

SUSE CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

CVSS 5.3 · AI score 8.3 · EPSS 0.04328
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 6 views

GE iFIX Code Injection Vulnerability

GE iFIX is General Electric's GE platform for improving productivity and process control through industrial-grade SCADA and high-performance HMI. A code injection vulnerability exists in GE iFIX. An attacker could use this vulnerability to insert a malicious configuration file into the intended w...

CVSS 9.8 · AI score 8.7 · EPSS 0.00571
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:13 a.m. · 4 views

SUSE CVE-2007-0095

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...

CVSS 5 · AI score 6.6 · EPSS 0.01618
Exploits 1 · References 3
NVD
added 2022/12/23 12:15 a.m. · 35 views

CVE-2022-23513

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

CVSS 5.3 · EPSS 0.40162
Exploits 4 · References 3
CNNVD
added 2022/12/23 12:00 a.m. · 3 views

Pi-hole Access Control Error Vulnerability

Pi-hole is a web-grade ad-blocking application from Pi-hole, Inc. Pi-hole suffers from an access control error vulnerability that stems from a lack of validation of code on the root server path...

CVSS 5.3 · AI score 5.9 · EPSS 0.40162
Exploits 4 · References 5
Cvelist
added 2022/12/22 11:17 p.m. · 38 views

CVE-2022-23513 Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

CVSS 5.3 · AI score 5.5 · EPSS 0.40162
Exploits 4 · References 3
CNNVD
added 2022/10/10 12:00 a.m. · 4 views

CREALOGIX EBICS Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in CREALOGIX EBICS version 7.0, which stems from the lack of effective filtering and escaping of user-supplied data in the /ebics-server/ebics.aspx file, which could be exploited to inject cross-site code and launch XSS attack...

CVSS 6.1 · AI score 5.9 · EPSS 0.00459
Exploits 1 · References 3
RedHat Linux
added 2022/10/03 3:25 p.m. · 3 views

python: open redirection vulnerability in lib/http/server.py may lead to information disclosure

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

CVSS 7.4 · AI score 6.8 · EPSS 0.0199
Exploits 0 · References 4
OSV
added 2022/08/26 4:15 p.m. · 5 views

CVE-2021-3688

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...

CVSS 4.8 · AI score 5.8 · EPSS 0.00472
Exploits 0 · References 2
IBM Security Bulletins
added 2022/04/27 9:58 a.m. · 24 views

Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by various security vulnerabilities (CVE-2015-1984, CVE-2015-1968, CVE-2015-1982, CVE-2015-1980)

Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation, Cross-Site Scripting, Server Path Disclosure and Click-Jacking vulnerabilities. Vulnerability Details CVEID: CVE-2015-1984 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborativ...

CVSS 4 · AI score 6.1 · EPSS 0.00985
Exploits 0 · Affected Software 1
Veracode
added 2022/02/23 10:11 a.m. · 19 views

Directory Traversal

pimcore is vulnerable to directory traversal. It does not properly handle session for file import, exposing server path for translation import...

CVSS 6.5 · AI score 3.1 · EPSS 0.01483
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/01/11 8:15 p.m. · 3 views

CVE-2021-43973

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file...

CVSS 8.8 · AI score 6 · EPSS 0.01707
Exploits 0 · References 3