📄 Craft CMS 5.0 Authentication Session Path Exposure

Proof of concept exploit that demonstrates an authentication session path exposure vulnerability in Craft CMS version 5.0. ============================================================================================================================================= | Title : Craft CMS 5.0...

CVE-2019-0207

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't filter the character \, so attacker can perform a path traversal attack to read any files on Windows platform...

CVE-2019-0207

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't filter the character , so attacker can perform a path traversal attack to read any files on Windows platform...

CVE-2019-0207

The CVE-2019-0207 issue involves the Tapestry framework’s asset handling, where the asset path chain StaticFilesFilter → AssetDispatcher → ContextResource fails to filter the backslash character on Windows, enabling path traversal to read arbitrary files. Affected component: Tapestry assets proce...

PT-2010-2709 · Adobe · Shockwave Player

Name of the Vulnerable Software and Affected Versions: Adobe Shockwave Player versions prior to 11.5.7.609 Description: The issue allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted Shockwave file. This is due to the improper...