5 matches found
Path traversal attack on Windows platforms
Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't filter the character , so attacker can perform a path traversal attack to read any files on Windows platform...
Path traversal
Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't filter the character , so attacker can perform a path traversal attack to read any files on Windows platform...
CakePHP AssetDispatcher Local File Inclusion Vulnerability
CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...
CakePHP 2.3.7 / 2.2.8 Local File Inclusion
CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
source: https://www.securityfocus.com/bid/61746/info CakePHP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files or execute arbitrary script code in the context of the web server...