5284 matches found
GHSA-Q93C-P2MW-P23F Dagster vulnerable to Path Traversal attack through its /logs endpoint
Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.10 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...
CVE-2023-51232
Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...
CVE-2025-27452
The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of some modules poses a risk to the webserver which enable...
CVE-2025-3898
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends an HTTPS request containing an invalid data type to the webserver...
CVE-2025-3899
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the Certificates page on the webserver that could allow unvalidated data injected by an authenticated malicious user to modify or read data in a victim’s browser...
CVE-2025-3899
CVE-2025-3899 impacts Schneider Electric Modicon Controllers’ web interface (Certificates page). The issue is a Cross-Site Scripting (CWE-79) vulnerability caused by improper input neutralization during web page generation, allowing an authenticated malicious user to inject unvalidated data that ...
PT-2025-24626 · Schneider Electric · Modicon Controllers M241/M251
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An Uncontrolled Resource Consumption issue exists, potentially causing Denial of Service. This occurs when an authenticated malicious user sends a manipulated HTTPS Content-Length header to...
PT-2025-24629 · Unknown · Vwebserver
Name of the Vulnerable Software and Affected Versions: Webserver affected versions not specified Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This could allow an authenticated malicious user to inject...
PHP Exec, PHP Command Shell, Find Sock
Execute a PHP payload as an OS command from a Posix-compatible shell. Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless...
CVE-2024-40090
Vilo 5 Mesh WiFi System = 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page...
CVE-2024-40088
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request...
CVE-2024-40084
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths...
CVE-2024-24263
Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the responseappendstatusline function at /lotos/src/response.c...
CVE-2024-22088
Lotos WebServer through 0.1.1 commit 3eb36cc has a use-after-free in bufferavail at buffer.h via a long URI, because realloc is mishandled...
CVE-2024-27575
INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI...