113 matches found

CVE
added 2025/01/25 1:49 p.m. · 63 views

CVE-2023-38012

CVE-2023-38012 affects IBM Cloud Pak System versions 2.3.3.6–2.3.4.0. A path traversal flaw allows a remote attacker to view arbitrary system files by crafting URL requests containing "dot dot" sequences (/../). IBM and CVE records cite the impact as directory traversal with CVSS v3.1 base score ...

CVSS 5.3 · AI score 5.3 · EPSS 0.00478
Exploits 0 · References 1 · Affected Software 1
CVE
added 2025/01/04 2:36 p.m. · 53 views

CVE-2024-41765

CVE-2024-41765 affects IBM Engineering Lifecycle Optimization - Publishing (PUB) versions 7.0.2 and 7.0.3. A path traversal vulnerability allows remote attackers to view arbitrary files by sending specially crafted URLs containing dot-dot sequences (/../). IBM’s bulletin specifies CWE-22 (Path Tr...

CVSS 6.5 · AI score 6.4 · EPSS 0.00577
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/08/01 12:0 a.m. · 3 views

rConfig Code Issue Vulnerability

rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from a pathb parameter in the doDiff function of /classes/compareClass.php that contains server-side request forgery (SSRF), which allows an authenticated attacker to...

CVSS 8.8 · AI score 6.8 · EPSS 0.02965
Exploits 1 · References 2
OSV
added 2023/05/16 7:15 p.m. · 3 views

CVE-2023-30510

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possib...

CVSS 4.3 · AI score 5.9 · EPSS 0.0058
Exploits 0 · References 1
NVD
added 2023/05/16 7:15 p.m. · 18 views

CVE-2023-30510

A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possib...

CVSS 4.3 · AI score 4.4 · EPSS 0.0058
Exploits 0 · References 1
Positive Technologies
added 2023/05/16 12:0 a.m. · 7 views

PT-2023-22741 · Aruba · Aruba Edgeconnect Enterprise

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise (affected versions not specified)
Description: A vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Arub...

CVSS 4.3 · AI score 4.2 · EPSS 0.0058
Exploits 0 · References 6
OSV
added 2023/03/14 5:15 a.m. · 4 views

CVE-2023-26459

Due to improper input controls in SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to ...

CVSS 7.4 · AI score 7.2 · EPSS 0.0037
Exploits 0 · References 2
OSV
added 2023/02/23 8:15 p.m. · 46 views

CVE-2023-23915

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...

CVSS 6.5 · AI score 7.5 · EPSS 0.00861
Exploits 0 · References 3
CNVD
added 2023/02/21 12:0 a.m. · 19 views

IBM InfoSphere Information Server Directory Traversal Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A directory traversal vulnerability exists in IBM InfoSphere Information Server version 11.7,...

CVSS 7.5 · AI score 6.8 · EPSS 0.01406
Exploits 0 · References 1
Prion
added 2022/08/01 1:15 p.m. · 12 views

Code injection

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, bu...

CVSS 4 · AI score 4.8 · EPSS 0.00487
Exploits 0 · References 2 · Affected Software 2
CNNVD
added 2022/07/12 12:0 a.m. · 14 views

VMware vCenter Server Code Issue Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A code issue vulnerability exists in VMware...

CVSS 7.5 · AI score 7.4 · EPSS 0.00789
Exploits 0 · References 6
CNNVD
added 2022/06/09 12:0 a.m. · 6 views

nbnbk Code Issue Vulnerability

nbnbk is based on thinkphp5 cms management system, B2C e-commerce open source php mall system platform, tp5 open source cms, thinkphp enterprise website source code for blogs, small and medium-sized enterprises to build a station secondary development. nbnbk 3 version of a security...

CVSS 9.1 · AI score 8.5 · EPSS 0.00977
Exploits 1 · References 2
Prion
added 2022/05/26 4:15 p.m. · 12 views

Design/Logic Flaw

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attac...

CVSS 4 · AI score 6.5 · EPSS 0.00591
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/04/28 12:0 a.m. · 9 views

PT-2022-18822 · Unknown · Navigate Cms

Name of the Vulnerable Software and Affected Versions: Navigate CMS version 2.9.4
Description: A Server-Side Request Forgery (SSRF) in the feed parser class allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

CVSS 4.9 · AI score 5.4 · EPSS 0.2195
Exploits 6 · References 15
CNVD
added 2021/10/08 12:0 a.m. · 25 views

ECOA BAS controller arbitrary file upload vulnerability

ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to arbitrary file uploads, which can be exploited to send specially crafted URL requests to the /upload URI with the file name and rbt parameters containing The "dot"...

CVSS 10 · AI score 2.9 · EPSS 0.02248
Exploits 1
CNVD
added 2021/07/15 12:0 a.m. · 23 views

IBM Security Access Manager path traversal vulnerability

IBM Security Access Manager is a product of IBM Corporation for information security management. The product enables access management control through integrated Web-, mobile-, and cloud-oriented devices. IBM Security Access Manager Docker is vulnerable to a path traversal vulnerability that...

CVSS 6.8 · AI score 4.6 · EPSS 0.01892
Exploits 0 · References 1
RedHat Linux
added 2020/06/23 1:10 p.m. · 3 views

grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL

An SSRF incorrect access control vulnerability was found in Grafana regarding the avatar feature, allowing any unauthenticated user or client to make Grafana send HTTP requests to any URL and then return its result to the user or client. Additionally, the same issue can create a NULL pointer...

CVSS 8.2 · AI score 7.1 · EPSS 0.99856
Exploits 5 · References 6
Positive Technologies
added 2019/06/19 12:0 a.m. · 4 views

PT-2019-17052 · Ibm · Ibm Campaign

Name of the Vulnerable Software and Affected Versions: IBM Campaign versions 9.1.2 through 10.1
Description: The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing dot dot sequences (../) to view arbitrary files on the system...

CVSS 4.3 · AI score 4.7 · EPSS 0.02284
Exploits 0 · References 4
OSV
added 2019/03/21 4:0 p.m. · 5 views

CVE-2018-20631

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...

CVSS 5.3 · AI score 5.9 · EPSS 0.01626
Exploits 1 · References 1
NVD
added 2019/01/30 3:29 p.m. · 17 views

CVE-2018-15136

TitanHQ SpamTitan before 7.01 has Improper input validation. This allows internal attackers to bypass the anti-spam filter to send malicious emails to an entire organization by modifying the URL requests sent to the application...

CVSS 5.3 · AI score 5.3 · EPSS 0.00957
Exploits 1 · References 1