
5 matches found

Github Security Blog
added 2019/11/18 5:19 p.m., 50 views

Path traversal attack on Windows platforms

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't filter the character , so attacker can perform a path traversal attack to read any files on Windows platform...

CVSS: 7.5, AI score: 4.1, EPSS: 0.03094
Exploits: 0, References: 6, Affected Software: 1
Prion
added 2019/09/16 5:15 p.m., 18 views

Path traversal

Tapestry processes assets /assets/ctx using classes chain StaticFilesFilter - AssetDispatcher - ContextResource, which doesn't filter the character , so attacker can perform a path traversal attack to read any files on Windows platform...

CVSS: 5, AI score: 7.4, EPSS: 0.03094
Exploits: 0, References: 4, Affected Software: 1
securityvulns
added 2013/09/09 12:0 a.m., 88 views

CakePHP AssetDispatcher Local File Inclusion Vulnerability

CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...

AI score: 0.2
Exploits: 0
Packet Storm
added 2013/08/13 12:0 a.m., 33 views

CakePHP 2.3.7 / 2.2.8 Local File Inclusion

CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...

AI score: 7.4
Exploits: 0
Exploit DB
added 2013/08/13 12:0 a.m., 27 views

CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion

source: https://www.securityfocus.com/bid/61746/info CakePHP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files or execute arbitrary script code in the context of the web server...

AI score: 7
Exploits: 0