Lucene search

314 matches found

FreeBSD
added 2022/05/11 12:00 a.m. · 87 views

curl -- Multiple vulnerabilities

The curl project reports: CVE-2022-27778: curl removes wrong file on error CVE-2022-27779: cookie for trailing dot TLD CVE-2022-27780: percent-encoded path separator in URL host CVE-2022-27781: CERTINFO never-ending busy-loop CVE-2022-27782: TLS and SSH connection too eager reuse CVE-2022-30115:...

CVSS 8.1 · AI score 1.1 · EPSS 0.01181
Exploits: 6 · References: 1
Huntr
added 2022/04/29 5:23 a.m. · 19 views

Reflected XSS

Description: Hello, I found an authenticated reflected XSS via path fragment. This was exploitable through trusting user input in the URL path fragment. Please note: if you wrote a different payload you need to URL-encode the payload twice. Proof of Concept: Enter this URL:...

CVSS 3.5 · AI score 0.2 · EPSS 0.00206
Exploits: 1 · References: 1
Hacker One
added 2022/03/31 6:27 p.m. · 131 views

IBM: SQL injection in URL path processing on www.ibm.com

A blind SQL injection in URL path processing on www.ibm.com was reported to IBM, analyzed and has been remediated. Thank you to @asterite. Blind SQL injection was present in URL path processing on www.ibm.com. An interesting thing is that the vulnerability was present in, essentially, any path, o...

AI score 1
Exploits: 0
OSV
added 2022/02/10 8:29 p.m. · 25 views

GHSA-RPJ6-2Q8R-98F8 Request logging bypass in Jenkins Audit Trail Plugin

Audit Trail Plugin logs requests whose URL path matches an admin-configured regular expression. A discrepancy between the behavior of the plugin and the Stapler web framework in parsing URL paths allows attackers to craft URLs that would bypass request logging in Audit Trail Plugin 3.6 and earlie...

CVSS 5.3 · AI score 5.1 · EPSS 0.00066
Exploits: 0 · References: 5
Vulnrichment
added 2022/02/09 12:00 a.m. · 1 views

CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

AI score 6.3 · EPSS 0.01214
Exploits: 1 · References: 7
FreeBSD
added 2021/12/09 12:00 a.m. · 37 views

Grafana -- Directory Traversal

GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...

CVSS 4.3 · AI score 2.3 · EPSS 0.01202
Exploits: 0 · References: 1
RedHat Linux
added 2021/11/10 5:20 p.m. · 4 views

JBCS: URL normalization issue with dot-dot-semicolon(s) leads to information disclosure

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...

CVSS 4.8 · AI score 5.8 · EPSS 0.00269
Exploits: 0 · References: 4
OSV
added 2021/10/27 1:28 p.m. · 4 views

SUSE-SU-2021:3555-1 Security update for salt

This update for salt fixes the following issues:
- Support querying for JSON data in external sql pillar.
- Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265, CVE-2021-21996...

CVSS 7.5 · AI score 7.6 · EPSS 0.02263
Exploits: 0 · References: 3
OSV
added 2021/09/24 10:15 p.m. · 2 views

CVE-2020-20514

A Cross-Site Request Forgery CSRF in Maccms v10 via admin.php/admin/admin/del/ids/.html allows authenticated attackers to delete all users...

CVSS 8.1 · AI score 5.8
Exploits: 0 · References: 1
NVD
added 2021/07/07 2:15 p.m. · 8 views

CVE-2021-32506

Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 6.5 · EPSS 0.00235
Exploits: 0 · References: 1
NVD
added 2021/07/07 2:15 p.m. · 9 views

CVE-2021-32508

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers to access arbitrary files by injecting a Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager...

CVSS 6.5 · EPSS 0.00208
Exploits: 0 · References: 1
OSV
added 2021/07/07 2:15 p.m. · 0 views

CVE-2021-32507

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 6.5 · AI score 5.8 · EPSS 0.00235
Exploits: 0 · References: 1
Prion
added 2021/07/07 2:15 p.m. · 19 views

Path traversal

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVSS 4 · AI score 6.3 · EPSS 0.00235
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2021/07/07 2:11 p.m. · 55 views

CVE-2021-32506

The CVE-2021-32506 entry concerns QSAN Storage Manager (QSAN Storage Manager NAS OS). A path traversal vulnerability exists in the GetImage function that does not validate the URL path parameter, enabling remote authenticated attackers to download arbitrary files. The issue is mitigated by updati...

CVSS 6.5 · AI score 6.3 · EPSS 0.00235
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2021/07/07 12:00 a.m. · 2 views

QSAN Storage Manager path traversal vulnerability

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A path traversal vulnerability exists in QSAN Storage Manager. The vulnerability stems from the product's getImage function not validating the path parameter in the URL, which allows an attacker to downlo...

CVSS 6.5 · AI score 5.8 · EPSS 0.00235
Exploits: 0 · References: 1
Positive Technologies
added 2021/07/07 12:00 a.m. · 2 views

PT-2021-19734 · Qsan · Qsan Storage Manager

Name of the Vulnerable Software and Affected Versions: QSAN Storage Manager versions prior to 3.3.3 Description: The issue allows remote authenticated attackers to access arbitrary files by injecting a Symbolic Link following the Url path parameter in the FileviewDoc component of QSAN Storage...

CVSS 6.5 · AI score 6.3 · EPSS 0.00235
Exploits: 0 · References: 4
OSV
added 2021/06/04 5:15 p.m. · 2 views

CVE-2021-1525

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability b...

CVSS 6.1 · AI score 6.4 · EPSS 0.00183
Exploits: 0 · References: 1
NVD
added 2021/05/28 9:15 p.m. · 14 views

CVE-2021-29492

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. a block on /admin. A...

CVSS 8.3 · EPSS 0.10452
Exploits: 0 · References: 1
Veracode
added 2021/04/20 6:25 a.m. · 15 views

Directory Traversal

flow-server is vulnerable to directory traversal. The attack is possible due to a lack of proper validation of the URL path, allowing an attacker to inject ../ characters into parameters to access resources outside of the web root...

CVSS 7.5 · AI score 5.1 · EPSS 0.00551
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2021/01/26 12:00 a.m. · 3 views

Pyrescom Termod4 time management access control error

A security vulnerability exists in Pyrescom Termod4 time management devices that stems from the inclusion of local files in the devices allowing an authenticated, remote attacker to traverse directories and read sensitive files via the Maintenance Log menu and manipulate file paths in URLs...

CVSS 6.5 · AI score 6.7 · EPSS 0.0061
Exploits: 2 · References: 5