372 matches found
CVE-2021-43973
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file...
CVE-2021-22870 Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access
A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...
IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2021-87025)
IBM Sterling File Gateway is a suite of file transfer software from IBM Corporation. The software integrates different file transfer activity centers and helps file-based data to be securely exchanged over the Internet.An information disclosure vulnerability exists in IBM Sterling File Gateway,...
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
GHSA-2RH5-JVGX-PGW3 Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
GHSA-GQCF-83RQ-GPFR Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
Microsoft Exchange Server 安全漏洞
Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server Arbitrary File Write Vulnerability. An attacker can exploit this vulnerability to write a file to any path on the server after authenticating through the Exchang...
CVE-2020-4674
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287...
CVE-2020-4674
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287...
libvips Information Disclosure Vulnerability
libvips is a demand-driven multi-threaded image processing library. libvips versions prior to 8.8.2 are vulnerable to an information disclosure. The vulnerability stems from imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips having uninitialized variables. An attacker could use this...
CVE-2020-20739
imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...
DEBIAN-CVE-2020-20739
imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...
CVE-2020-20739
imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...
UBUNTU-CVE-2020-20739
imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...
CVE-2020-20739
imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...
CVE-2020-20739
imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...
CVE-2020-20739
CVE-2020-20739 affects VIPS (libvips) where im_vips2dz in libvips/deprecated/im_vips2dz.c uses an uninitialized variable, potentially leaking a remote server path or stack address. Multiple advisories reference VIPS and CVE-2020-20739 in the context of the upstream library and vendor updates. Deb...
CVE-2020-20739
imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...
libvips 安全漏洞
libvips is a demand-driven multi-threaded image processing library. libvips versions prior to 8.8.2 are vulnerable to an information disclosure. The vulnerability stems from imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips having uninitialized variables. An attacker could use this...