Lucene search
K

106 matches found

OSV
OSV
added 2024/06/06 6:40 p.m.13 views

CVE-2024-3322 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...

8.4CVSS5.9AI score0.00726EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.8 views

PT-2024-19815

Name of the Vulnerable Software and Affected Versions LDAP Account Manager LAM versions prior to 8.7 Description LDAP Account Manager LAM is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. An attacker could...

7.9CVSS7.9AI score0.17868EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.4 views

PT-2023-9825

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.1 Description Gogs, an open-source self-hosted Git service, has an issue that allows a malicious user to write a file to an arbitrary path on the server, potentially gaining SSH access. The vulnerability resides in...

9.9CVSS8.2AI score0.75197EPSS
Exploits5References50
OSV
OSV
added 2023/05/10 8:15 p.m.4 views

CVE-2023-31166

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See...

4.3CVSS6.1AI score0.00588EPSS
Exploits0References2
NVD
NVD
added 2023/05/10 8:15 p.m.18 views

CVE-2023-31166

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See...

4.3CVSS4.5AI score0.00588EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.4 views

Schweitzer Engineering Laboratories Real Time Automation Controller 路径遍历漏洞

Schweitzer Engineering Laboratories Real Time Automation Controller SEL RTAC is a powerful and versatile automation platform from Schweitzer Engineering Laboratories. A path traversal vulnerability exists in the Schweitzer Engineering Laboratories Real Time Automation Controller, which stems from...

4.3CVSS5.8AI score0.00588EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.4 views

SUSE CVE-2004-0959

rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$FILES" array to be modified...

2.1CVSS6.9AI score0.00577EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.5 views

SUSE CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

6.3CVSS8.7AI score0.01101EPSS
Exploits0References4
OSV
OSV
added 2022/09/13 8:15 p.m.5 views

UBUNTU-CVE-2022-37703

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir as root directly without checking the path, letting the attacker provide an...

3.3CVSS6.1AI score0.00703EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2022/05/26 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-36356

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix...

10CVSS7.8AI score0.54393EPSS
Exploits5References1
OSV
OSV
added 2022/03/30 4:15 p.m.3 views

CVE-2022-20002

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-19865765...

7.8CVSS6AI score0.00098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/30 4:15 p.m.7 views

CVE-2022-20002

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-19865765...

7.8CVSS7.3AI score0.00098EPSS
Exploits0References2
CVE
CVE
added 2022/03/30 4:2 p.m.83 views

CVE-2022-20002

CVE-2022-20002 affects Android 12L in incfs, where a missing permission check enables mounting on arbitrary paths. This can lead to local privilege escalation to SYSTEM with no user interaction required. The vulnerability is described with CVSSv3.1/2.0 metrics (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

7.8CVSS7.8AI score0.00098EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/30 4:2 p.m.19 views

CVE-2022-20002

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-19865765...

8.1AI score0.00098EPSS
Exploits0References1
OSV
OSV
added 2021/11/29 8:15 p.m.13 views

CVE-2021-43783

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...

8.5CVSS8.3AI score0.01206EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/11/29 8:15 p.m.2 views

CVE-2021-43783

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...

8.5CVSS7.4AI score0.01206EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/08/31 12:0 a.m.4 views

node-tar 后置链接漏洞

node-tar is a software package for file compression/decompression. A backlink vulnerability exists in Node-tar, which stems from the product not validating special characters. An attacker can use this vulnerability to create malicious files in other paths...

8.6CVSS7.1AI score0.03286EPSS
Exploits0References33
OSV
OSV
added 2021/02/26 2:15 a.m.2 views

CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

8.1CVSS7AI score
Exploits0References3
OSV
OSV
added 2021/02/26 2:15 a.m.11 views

UBUNTU-CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

8.1CVSS7.4AI score0.01101EPSS
Exploits0References5
NVD
NVD
added 2020/09/02 8:15 p.m.14 views

CVE-2020-7830

RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download...

7.8CVSS7.6AI score0.00798EPSS
Exploits0References1
Rows per page
Query Builder