232 matches found
CVE-2025-0823
IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2025-0823
CVE-2025-0823 affects IBM Cognos Analytics 11.2.0–11.2.4 FP5 and 12.0.0–12.0.4. Root cause is a path traversal vulnerability allowing a remote attacker to view arbitrary files by sending crafted URLs with /../ sequences. Impact is exposure of sensitive files; no exploitation details are provided ...
CVE-2024-41784
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences /.../ to view arbitrary files on the system...
CVE-2024-45652 IBM Maximo Asset Management directory traversal
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45074 IBM webMethods Integration directory traversal
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45074 IBM webMethods Integration directory traversal
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-45074
IBM webMethods Integration 10.15 contains a path traversal vulnerability (CVE-2024-45074) that can be exploited by an authenticated user to view arbitrary files via crafted URLs containing dot-dot sequences ("/../"). The issue is caused by insufficient input validation on directory traversal, ena...
RHEL 4 : curl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - curl: URL request injection vulnerability in parseurlandfillconn CVE-2014-8150 Note that Nessus has not tested for...
Delta Electronics DIAEnergie Path Traversal Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A path traversal vulnerability exists in Delta Electronics DIAEnergie, which can be exploited by an attacker to write an arbitrary file on the system by sending a specially crafted URL...
CVE-2024-30392
A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon flowd of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service DoS. On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific UR...
CVE-2024-22328
CVE-2024-22328 affects IBM Maximo Application Suite (MAS) Manage component in MAS 8.10 and 8.11. A remote attacker can perform path traversal by sending a URL with dot-dot sequences (/../) to view arbitrary files, leading to arbitrary file disclosure. Root cause: CWE-22 (path traversal). CVSS v3....
CVE-2023-38366
IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 261115...
Design/Logic Flaw
IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 261115...
CVE-2023-35020 IBM Sterling Control Center directory traversal
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 257874...
CVE-2023-35020 IBM Sterling Control Center directory traversal
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 257874...
CVE-2023-48244
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...
CVE-2021-46901
examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR aka 6lbr 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network...
Stack overflow
examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR aka 6lbr 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network...
CVE-2023-47702
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view modify files on the system. IBM X-Force ID: 271196...
Design/Logic Flaw
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536...