232 matches found

Cvelist
added 2020/08/13 11:50 a.m. | 26 views

CVE-2019-4582

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 167288...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.01359
Exploits: 0 | References: 2

NVD
added 2020/05/07 8:15 p.m. | 19 views

CVE-2020-4430

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.68544
Exploits: 6 | References: 5

NVD
added 2020/03/31 3:15 p.m. | 21 views

CVE-2020-4240

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.01919
Exploits: 0 | References: 2

Prion
added 2020/03/31 3:15 p.m. | 22 views

Cross site request forgery (csrf)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.01919
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2020/02/07 5:15 p.m. | 12 views

CVE-2014-5468

A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.52563
Exploits: 6 | References: 5

NVD
added 2020/02/04 5:15 p.m. | 17 views

CVE-2019-4674

IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 171510...

CVSS: 6.8 | AI score: 5.3 | EPSS: 0.01934
Exploits: 0 | References: 2

NVD
added 2020/02/03 3:15 p.m. | 25 views

CVE-2013-2624

Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request...

CVSS: 5.3 | AI score: 5 | EPSS: 0.06492
Exploits: 2 | References: 2

Prion
added 2020/02/03 3:15 p.m. | 20 views

Path traversal

Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request...

CVSS: 5 | AI score: 6.5 | EPSS: 0.06492
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2020/02/03 2:39 p.m. | 57 views

CVE-2013-2624

Telaen before 1.3.1 is affected by a path-disclosure vulnerability that can reveal sensitive information via specially crafted URLs (full path disclosure through redir.php), with additional issues including remote redirection and reflected XSS in older versions (Telaen <= 1.3.0). The CVE entry...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.06492
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2020/02/03 2:39 p.m. | 34 views

CVE-2013-2624

Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request...

AI score: 5.2 | EPSS: 0.06492
Exploits: 2 | References: 2

Prion
added 2020/01/28 4:15 p.m. | 15 views

Cross site request forgery (csrf)

The downloadfromurl function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart...

CVSS: 10 | AI score: 8.2 | EPSS: 0.0554
Exploits: 1 | References: 4 | Affected Software: 1

UbuntuCve
added 2019/11/26 5:15 a.m. | 22 views

CVE-2011-4350

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.16142
Exploits: 3 | References: 1

Debian CVE
added 2019/11/26 4:49 a.m. | 23 views

CVE-2011-4350

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request...

CVSS: 6.5 | AI score: 4.3 | EPSS: 0.16142
Exploits: 3

Prion
added 2019/09/30 4:15 p.m. | 19 views

Design/Logic Flaw

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 162769...

CVSS: 5 | AI score: 5.2 | EPSS: 0.02675
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/09/17 7:5 p.m. | 15 views

CVE-2019-4442

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.02068
Exploits: 0 | References: 2

Cvelist
added 2019/08/20 6:25 p.m. | 23 views

CVE-2019-4460

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 163681...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.02569
Exploits: 0 | References: 2

NVD
added 2019/06/27 2:15 p.m. | 17 views

CVE-2019-4252

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 159883...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.03366
Exploits: 0 | References: 2

Cvelist
added 2019/06/27 1:45 p.m. | 22 views

CVE-2019-4252

IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 159883...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.03366
Exploits: 0 | References: 2

Prion
added 2019/04/15 3:29 p.m. | 21 views

Cross site request forgery (csrf)

IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919...

CVSS: 6.4 | AI score: 8.6 | EPSS: 0.03067
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2019/04/02 2:29 p.m. | 12 views

Design/Logic Flaw

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 144343...

CVSS: 5 | AI score: 7 | EPSS: 0.03395
Exploits: 0 | References: 2 | Affected Software: 1