24 matches found
EUVD-2026-20884
Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically, the attacker could run PHP scripts directly on the connected database. This issue was fixed...
CVE-2025-66518
Apache Kyuubi Server 1.6.0–1.10.2 is affected by a path traversal/unauthorized local-file access vulnerability where an attacker able to reach the Kyuubi frontend could bypass the kyuubi.session.local.dir.allow.list. Root cause involves insufficient path normalization, permitting access to local ...
EUVD-2017-15747
Malware in sbrugna...
EUVD-2022-48706
Malicious code in bioql PyPI...
Open WebUI Security Vulnerability
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI version v10, which stems from improper path cleanup and could lead to unauthorized directory access...
CVE-2024-54382
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in boldthemes Bold Page Builder bold-page-builder allows Path Traversal. This issue affects Bold Page Builder: from n/a through = 5.1.5...
ZTE Red Magic 8 Pro Security Vulnerability
ZTE Red Magic 8 Pro is a gaming smartphone. A security vulnerability exists in the ZTE Red Magic 8 Pro GENCNNX729JV1.0.0B21MR version, which stems from the presence of an improper access control vulnerability. An attacker can exploit the vulnerability to gain unauthorized access to the relevant...
Cisco FXOS and NX-OS Software Unauthorized Directory Access (CVE-2019-1600)
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system...
Information disclosure
There is an information leak vulnerability in the digital media player DMS of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information...
CVE-2021-21740
There is an information leak vulnerability in the digital media player DMS of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information...
Cisco NX-OS Software Unauthorized Directory Access Vulnerability
According to its self-reported version, the Cisco NX-OS Software is affected by an unauthorized directory access vulnerability. This is due to a flaw in the implementation of file system permissions. An authenticated, local attacker could exploit this to access sensitive and critical files on the...
CVE-2019-1600 Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability
A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system...
CVE-2018-15429 Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability
A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...
Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability
A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...
Cisco Elastic Services Controller Unauthorized Directory Access Vulnerability
Cisco Elastic Services Controller is a cloud and systems management solution. Cisco Elastic Services Controller has a security vulnerability in the ConfD server component implementation, where a local attacker could obtain sensitive information about an affected system...
CVE-2017-6693
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.29.76...
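HP NonStop Server Unauthorized Directory Access Vulnerability
HP NonStop is a fault-tolerant server that provides comprehensive fault detection and isolation and protects data integrity. NonStop servers have a vulnerability in the handling of directory access permissions that a local attacker could exploit to gain unauthorized access. On an HP NonStop Server running G06.29, directory permissions are not evaluated correctly if no optional access control list (ACL) entries are assigned. This can create a security vulnerability for OSS directories and may lead to unauthorized local access. HP NonStop Server G06.29 Temporary workaround: first back up the version 2 filesets and upgrade them to version 3: SCF DIAGNOSE FILESET $ZPMON.fileset, UPGRADE...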