704 matches found
Important: xz
Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to an attacker-chosen file name (for example, a crafted file name), it can write attacker-controlled content to an arbitrary attacker-selected file. This flaw occurs due to...
SAP NetWeaver AS Path Traversal Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides web services, but is also the basic platform for SAP software. A path traversal vulnerability exists in SAP NetWeaver AS for ABAP and ABAP Platform, which could allow an attacker to exploit insufficient validation...
SAP ABAP Platform Path Traversal Vulnerability
SAP ABAP Platform is an ABAP-based SAP solution from SAP Germany. A path traversal vulnerability exists in SAP ABAP Platform, which stems from a failure of the network system or product to properly filter special elements in the path of a resource or file. An attacker could exploit this...
CVE-2023-1303
A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. Th...
CVE-2023-1303 UCMS System File Management Module fileedit.php unrestricted upload
A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. Th...
CVE-2023-1303
CVE-2023-1303 affects UCMS 1.6, specifically the System File Management Module and the sadmin/fileedit.php file. The root cause is manipulation of the file argument in that module, leading to an unrestricted upload. The issue can be exploited remotely according to multiple sources, with varying C...
UCMS Code Issue Vulnerability
UCMS is a content management system written in PHP. A code issue vulnerability exists in UCMS version 1.6, which stems from an unknown security issue in the file sadmin/fileedit.php in the component System File Management Module, which could lead to unrestricted uploads via the parameter id...
PT-2023-16875 · Ucms · Ucms
Name of the Vulnerable Software and Affected Versions: UCMS version 1.6 Description: A critical issue affects the System File Management Module, specifically the file sadmin/fileedit.php, allowing for unrestricted upload due to the manipulation of the file argument. This can be initiated remotely...
CVE-2023-26255
CVE-2023-26255 affects the STAGIL Navigation for Jira Menu & Themes plugin for Jira (before 2.0.52). Multiple sources confirm an unauthenticated path traversal/local file inclusion via the snjCustomDesignConfig endpoint when the fileName parameter is modified, enabling an attacker to read server ...
SUSE CVE-2020-14352
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system v...
PT-2023-10341 · Unknown · Mosbth Cimage
Name of the Vulnerable Software and Affected Versions: mosbth cimage versions up to 0.7.18 Description: A vulnerability was found in mosbth cimage, affecting an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site...
Microsoft Windows Win32k Security Vulnerability
Microsoft Windows Win32k is a system file for Windows multi-user administration from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32k. An attacker can exploit the vulnerability to elevate privileges...
PT-2023-13673 · Unknown · Aenrich A+Hrd
Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD affected versions not specified Description: The aEnrich a+HRD log read function has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and download arbitrary system files...
CVE-2022-20449
In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...
PT-2022-24983 · Gnuboard5 · Gnuboard5
Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.5.8.2.1 Description: A problem was found in the FAQ Key ID Handler component, specifically in the file bbs/faq.php. The issue arises from the manipulation of the fm_id argument, leading to cross-site scripting...
CVE-2022-39023
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...
Path traversal
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...
CVE-2022-39023
CVE-2022-39023 concerns U-Office’s Force Download function, where a path traversal vulnerability allows a remote user with general privileges to download arbitrary system files. The NVD description states the vulnerability arises in the download mechanism and can be exploited without user interac...
CVE-2022-39022 e-Excellence Inc. U-Office Force - Path Traversal
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...