2055 matches found

NVD
added 2024/10/01 12:15 p.m. · 43 views

CVE-2024-9405

An incorrect limitation of a path to a restricted directory path traversal has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the...

5.3 CVSS · 0.00445 EPSS
Exploits 0 · References 1

Cvelist
added 2024/09/24 11:35 p.m. · 32 views

CVE-2024-8497 Franklin Fueling Systems TS-550 EVO Absolute Path Traversal

Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker to obtain administrator credentials...

8.7 CVSS · 0.00594 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/09/24 11:35 p.m. · 14 views

CVE-2024-8497 Franklin Fueling Systems TS-550 EVO Absolute Path Traversal

Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker to obtain administrator credentials...

8.7 CVSS · 6.7 AI score · 0.00594 EPSS
Exploits 0 · References 1

Github Security Blog
added 2024/09/16 2:37 p.m. · 19 views

Mattermost Desktop App Uncontrolled Search Path Vulnerability

Mattermost Desktop App versions =5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine...

7.8 CVSS · 7.6 AI score · 0.00299 EPSS
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2024/09/16 6:40 a.m. · 23 views

CVE-2024-39613 RCE in desktop app in Windows by local attacker

Mattermost Desktop App versions =5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine...

5.3 CVSS · 0.00299 EPSS
Exploits 0 · References 1

NVD
added 2024/08/15 2:15 p.m. · 17 views

CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...

5.5 CVSS · 0.00301 EPSS
Exploits 1 · References 2

Cvelist
added 2024/08/15 12:0 a.m. · 17 views

CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...

0.00301 EPSS
Exploits 1 · References 2

CVE
added 2024/08/15 12:0 a.m. · 63 views

CVE-2024-42680

CVE-2024-42680 affects Super easy enterprise management system (v.1.0.0 and earlier). The vulnerability allows a local attacker to obtain the server’s absolute path by inputting a single quotation mark, indicating an information disclosure risk rooted in improper input handling. Publicly cited so...

5.5 CVSS · 6.6 AI score · 0.00301 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/08/15 12:0 a.m. · 17 views

CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...

6.6 AI score · 0.00301 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2024/07/12 12:0 a.m. · 36 views

RHEL 8 : podman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - podman: Symlink error leads to information disclosure CVE-2022-4122 - A flaw was found in Buildah. The...

7.2 CVSS · 6.3 AI score · 0.01525 EPSS
Exploits 0 · References 4

Vulnrichment
added 2024/06/27 6:41 p.m. · 12 views

CVE-2024-6250 Absolute Path Traversal in parisneo/lollms-webui

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5 CVSS · 6.8 AI score · 0.01957 EPSS
Exploits 1 · References 1

Cvelist
added 2024/06/27 6:41 p.m. · 33 views

CVE-2024-6250 Absolute Path Traversal in parisneo/lollms-webui

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5 CVSS · 0.01957 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/06/27 12:0 a.m. · 7 views

PT-2024-37482

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.6 Description: An absolute path traversal issue exists, specifically in the "open file" endpoint of "lollms advanced.py". The sanitize path function with allow absolute path=True allows an attacker to access...

7.5 CVSS · 6 AI score · 0.01957 EPSS
Exploits 1 · References 4

NVD
added 2024/06/24 5:15 p.m. · 25 views

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

9.8 CVSS · 0.00615 EPSS
Exploits 0 · References 2

CVE
added 2024/06/24 12:0 a.m. · 77 views

CVE-2024-33879

VirtoSoftware Virto Bulk File Download for SharePoint 2019 (version 5.5.44) is affected. The vulnerability is in Virto.SharePoint.FileDownloader/Api/Download.ashx -> isCompleted method, which allows arbitrary file download and deletion via absolute path traversal in the path parameter. Public ...

9.8 CVSS · 7.3 AI score · 0.00615 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/06/24 12:0 a.m. · 13 views

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

7.1 AI score · 0.00615 EPSS
Exploits 0 · References 2

Cvelist
added 2024/06/24 12:0 a.m. · 23 views

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter...

0.00615 EPSS
Exploits 0 · References 2

Veracode
added 2024/06/19 5:58 a.m. · 25 views

Path Traversal

ai.djl,api is vulnerable to Path Traversal. The vulnerability is due to absolute path archived artifacts, allowing attackers to insert archived files directly into the system and overwrite system files...

10 CVSS · 6.7 AI score · 0.00655 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2024/06/18 5:44 a.m. · 14 views

CVE-2024-33620

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker...

7 AI score · 0.00678 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/06/18 12:0 a.m. · 4 views

PT-2024-25380 · Fujitsu · Fujitsu Software Time Creator

Name of the Vulnerable Software and Affected Versions: ID Link Manager affected versions not specified FUJITSU Software TIME CREATOR affected versions not specified Description: An absolute path traversal issue exists, allowing an unauthenticated remote attacker to retrieve file contents, includi...

8.6 CVSS · 7.1 AI score · 0.00678 EPSS
Exploits 0 · References 6