2184 matches found
Directory Traversal
servey is vulnerable to directory traversal. A lack of validation of the URL allows a remote attacker to retrieve system files by using the ../ characters...
Directory Traversal
http-live-simulator is vulnerable to directory traversal. The http-live-simulator module does not validate the URL pathname and allows a remote attacker to retrieve arbitrary system files using the ../ characters...
Design/Logic Flaw
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...
GHSA-XG75-3277-GVVJ Directory Traversal in serve
Versions of serve before 7.1.3 are vulnerable to Directory Traversal. File paths are not sanitized, leading to unauthorized access of system files. Recommendation: Upgrade to version 7.1.3 or later...
Directory Traversal in serve
Versions of serve before 7.1.3 are vulnerable to Directory Traversal. File paths are not sanitized, leading to unauthorized access of system files. Recommendation: Upgrade to version 7.1.3 or later...
Directory Traversal
Liferay portal is vulnerable to directory traversal. XSL content portlet paths for XSL and XML content are not validated, which allows a remote attacker to retrieve system files by submitting file:/// in the URL...
Node.js third-party modules: [serve] Path Traversal
I would like to report a path traversal vulnerability in the serve module. It allows an attacker to read system files via a path traversal vulnerability. Module: module name: serve; version: 10.1.2; npm page: https://www.npmjs.com/package/serve. Module Description: Assuming you would like to serve a static site...
NuGet Package Manager Tampering Vulnerability
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure. An attacker who successfully exploited this vulnerability could potentially modify files and folders that are unpackaged on a...
Node.js third-party modules: [deliver-or-else] Path Traversal
I would like to report a path traversal in the deliver-or-else module. It allows an attacker to read system files via path traversal through the command line. Module: module name: deliver-or-else; version: 1.0.0; npm page: https://www.npmjs.com/package/deliver-or-else. Module Description: Copy description from npm...
XML External Entities (XXE)
jsbml-core is vulnerable to XML External Entities (XXE) attacks. The vulnerability exists because external entities are not disabled by default in SBML files, allowing an attacker to load and retrieve system files such as /etc/passwd...
(0Day) Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the acces...
CVE-2019-1647 Cisco SD-WAN Solution Unauthorized Access Vulnerability
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit thi...
Dell Encryption Enterprise Information Disclosure Vulnerability
Dell Encryption Enterprise is a suite of data protection solutions from Dell USA. The product includes features such as compliance management, authentication, disk data encryption and port encryption. An information disclosure vulnerability exists in Dell Encryption Enterprise version 10.1.0 and...
CVE-2018-15773
Dell Encryption (formerly Dell Data Protection/Encryption) versions 10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access could access the unencrypted RegBack folder containing backups of sensitive system files. The impact is confidentiality los...
CVE-2018-15773 Dell Encryption Enterprise \ Dell Data Protection Encryption Information Disclosure Vulnerability
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of...
XML External Entity (XXE)
recurly-api-client is vulnerable to XML external entity (XXE) attacks. The XML parser did not restrict external DTD parsing, which allows a remote attacker to perform XXE attacks, resulting in access to system files or possibly execution of arbitrary commands...