
567 matches found

Vulnrichment
added 2023/11/14 12:00 a.m. · 10 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

6.9 AI score · 0.00471 EPSS
Exploits: 1 · References: 1

OSV
added 2023/11/10 6:15 a.m. · 0 views

CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023...

9.8 CVSS · 6.1 AI score · 0.9438 EPSS
Exploits: 3 · References: 4

NVD
added 2023/11/10 6:15 a.m. · 25 views

CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023...

9.8 CVSS · 0.9438 EPSS
Exploits: 3 · References: 4

Prion
added 2023/11/10 6:15 a.m. · 28 views

Path traversal

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023...

7.5 CVSS · 7.6 AI score · 0.9438 EPSS
Exploits: 3 · References: 3 · Affected Software: 1

Cvelist
added 2023/11/10 12:00 a.m. · 32 views

CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023...

9.8 AI score · 0.9438 EPSS
Exploits: 3 · References: 3

Vulnrichment
added 2023/11/10 12:00 a.m. · 27 views

CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023...

7.2 AI score · 0.9438 EPSS
Exploits: 3 · References: 3

OSV
added 2023/11/09 8:15 p.m. · 0 views

UBUNTU-CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

9.8 CVSS · 6 AI score · 0.01474 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/11/09 12:00 a.m. · 1 views

PT-2023-6939 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue is related to a misconfigured shared hosting environment, allowing access to other users' content. A Moodle user with direct access to the web server outside of the Moodle webroot...

10 CVSS · 6.9 AI score · 0.01474 EPSS
Exploits: 0 · References: 19

Positive Technologies
added 2023/11/08 12:00 a.m. · 6 views

PT-2023-6781

Name of the Vulnerable Software and Affected Versions: SysAid On-Premise versions prior to 23.3.36. Description: A path traversal vulnerability in SysAid On-Premise software leads to code execution after an attacker writes a file to the Tomcat webroot. This issue has been exploited in the wild, with...

9.8 CVSS · 9 AI score · 0.9438 EPSS
Exploits: 3 · References: 97

CNNVD
added 2023/11/03 12:00 a.m. · 1 views

Samba Security Vulnerabilities

Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in Samba. An attacker could exploit this vulnerability to access files and directories stored outside of the web root folder...

9.8 CVSS · 6.7 AI score · 0.01941 EPSS
Exploits: 1 · References: 9

Huntr
added 2023/09/18 7:45 p.m. · 19 views

SQL Injection in `icms2/install/index.php`

Introduction: I'm quite hesitant about reporting this vulnerability. After thinking about it, I knew I needed to provide this information to you! As described in the documentation https://docs.instantcms.ru/en/manual/instal, at Post-Installation steps, you described that the installation director...

7.4 AI score
Exploits: 0

NVD
added 2023/09/06 12:15 p.m. · 10 views

CVE-2023-4588

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

6.8 CVSS · 6.5 AI score · 0.0018 EPSS
Exploits: 0 · References: 1

OSV
added 2023/09/06 12:15 p.m. · 1 views

CVE-2023-4588

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

4.9 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Prion
added 2023/09/06 12:15 p.m. · 19 views

Design/Logic Flaw

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

3.3 CVSS · 5 AI score · 0.0018 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/09/06 11:43 a.m. · 10 views

CVE-2023-4588 File accessibility vulnerability in Delinea Secret Server

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup...

6.8 CVSS · 6.5 AI score · 0.0018 EPSS
Exploits: 0 · References: 1

CNNVD
added 2023/09/06 12:00 a.m. · 3 views

Delinea Secret Server Security Vulnerability

Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server versions v10.9.000002 and v11.4.000002, which originates from allowing an authenticated user with administrative privileges to create a backup file in the...

6.8 CVSS · 6.5 AI score · 0.0018 EPSS
Exploits: 0 · References: 2

Prion
added 2023/08/14 1:15 a.m. · 13 views

Directory traversal

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handlerequest function, used by the server to process HTTP requests, does not account for sequences of special path control...

5 CVSS · 7.5 AI score · 0.02339 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/08/14 12:00 a.m. · 18 views

CVE-2023-40274

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handlerequest function, used by the server to process HTTP requests, does not account for sequences of special path control...

7.7 AI score · 0.02339 EPSS
Exploits: 1 · References: 2

Zero Day Initiative
added 2023/08/04 12:00 a.m. · 51 views

Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of certificate web directory. The issue...

5.3 CVSS · 6.2 AI score · 0.00079 EPSS
Exploits: 0 · References: 1

NVD
added 2023/07/18 6:15 p.m. · 12 views

CVE-2023-33871

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot...

7.5 CVSS · 0.00693 EPSS
Exploits: 0 · References: 1