2184 matches found

Positive Technologies
added 2023/05/25 12:0 a.m. · 2 views

PT-2023-20543 · Tibco Software · Tibco Ebx Add-Ons

Name of the Vulnerable Software and Affected Versions: TIBCO EBX Add-ons versions 4.5.16 and below

Description: The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an issue that allows an attacker with low-privileged application access to read system files that are accessible...

CVSS 7.7 · AI score 6.6 · EPSS 0.00657
Exploits: 0 · References: 3

Tibco
added 2023/05/23 9:54 p.m. · 23 views

TIBCO Security Advisory: May 23, 2023 - TIBCO EBX Add-ons - CVE-2023-26215

TIBCO EBX Add-ons Path Traversal
Original release date: May 23, 2023
Last revised: ---
CVE-2023-26215
Source: TIBCO Software Inc.
Products Affected: TIBCO EBX Add-ons versions 4.5.16 and below
The following component is affected: server
Description: The component listed above contains a vulnerabilit...

CVSS 7.7 · AI score 6.8 · EPSS 0.00657
Exploits: 0 · Affected Software: 1

OSV
added 2023/05/18 4:34 p.m. · 13 views

CVE-2023-32322 Arbitrary file read in Ombi

Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host...

CVSS 4.9 · AI score 4.8 · EPSS 0.02142
Exploits: 1 · References: 7

CNNVD
added 2023/05/18 12:0 a.m. · 4 views

Cisco Identity Services Engine Input Validation Error Vulnerability

Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. An arbitrary file read vulnerability exists in...

CVSS 5.4 · AI score 6.5 · EPSS 0.00399
Exploits: 0 · References: 3

CNNVD
added 2023/05/18 12:0 a.m. · 3 views

Cisco Identity Services Engine Path Traversal Vulnerability

Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A path traversal vulnerability exists in Cisco...

CVSS 6 · AI score 6.5 · EPSS 0.00494
Exploits: 0 · References: 3

ATTACKERKB
added 2023/05/17 4:0 p.m. · 2 views

CVE-2023-20171

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about...

CVSS 6.5 · AI score 6.7 · EPSS 0.00382
Exploits: 0 · References: 2

OSV
added 2023/05/16 7:15 p.m. · 2 views

CVE-2023-30509

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...

CVSS 6.5 · AI score 6.8 · EPSS 0.00648
Exploits: 0 · References: 1

OSV
added 2023/05/16 7:15 p.m. · 2 views

CVE-2023-30508

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...

CVSS 6.5 · AI score 6.8 · EPSS 0.00648
Exploits: 0 · References: 1

OSV
added 2023/05/16 7:15 p.m. · 3 views

CVE-2023-30507

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...

CVSS 6.5 · AI score 5.9 · EPSS 0.00648
Exploits: 0 · References: 1

NVD
added 2023/05/16 7:15 p.m. · 21 views

CVE-2023-30508

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...

CVSS 6.5 · AI score 5.8 · EPSS 0.00648
Exploits: 0 · References: 1

Prion
added 2023/05/16 7:15 p.m. · 14 views

Path traversal

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...

CVSS 4 · AI score 6.6 · EPSS 0.00648
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/05/16 12:0 a.m. · 3 views

Aruba Networks EdgeConnect Path Traversal Vulnerability

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect Enterprise. An attacker could exploit the vulnerability to read arbitrary files on the underlying operating system, including sensitive...

CVSS 6.5 · AI score 6.7 · EPSS 0.00648
Exploits: 0 · References: 4

CNNVD
added 2023/05/16 12:0 a.m. · 5 views

Aruba Networks EdgeConnect Path Traversal Vulnerability

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect Enterprise. An attacker could exploit the vulnerability to read arbitrary files on the underlying operating system, including sensitive...

CVSS 6.5 · AI score 6.7 · EPSS 0.00648
Exploits: 0 · References: 4

Prion
added 2023/05/15 10:15 p.m. · 17 views

Path traversal

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe method to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this...

CVSS 6.4 · AI score 9.2 · EPSS 0.00746
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/05/15 9:5 p.m. · 71 views

CVE-2023-31131

CVE-2023-31131 affects Greenplum Database (GPDB). The vulnerability arises from unsafe tar extraction within GPPKGs in versions prior to 6.22.3, enabling a path traversal that can lead to arbitrary file writes. An attacker could overwrite data or system files, potentially causing crashes or malfu...

CVSS 9.1 · AI score 8.6 · EPSS 0.00746
Exploits: 0 · References: 2 · Affected Software: 1

RedHat Linux
added 2023/05/04 3:59 p.m. · 4 views

codehaus-plexus: Directory Traversal

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possib...

CVSS 7.5 · AI score 5.8 · EPSS 0.01347
Exploits: 0 · References: 4

Prion
added 2023/05/02 5:15 a.m. · 26 views

Directory traversal

3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an...

CVSS 5 · AI score 8.7 · EPSS 0.06179
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/05/02 12:0 a.m. · 6 views

CVE-2022-48483

3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an...

AI score 7.7 · EPSS 0.01667
Exploits: 0 · References: 2

OSV
added 2023/04/27 9:15 a.m. · 2 views

CVE-2023-28770

The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...

CVSS 7.5 · AI score 5.8 · EPSS 0.57778
Exploits: 2 · References: 3

NVD
added 2023/04/27 9:15 a.m. · 22 views

CVE-2023-28770

The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...

CVSS 7.5 · AI score 7.4 · EPSS 0.57778
Exploits: 2 · References: 3