5 matches found
EUVD-2018-0803
Malware in sbrugna...
XXL-CONF Path Traversal vulnerability
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java...
GHSA-8J39-FGFP-VXH8 XXL-CONF Path Traversal vulnerability
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java...
Path traversal
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java...
CVE-2018-20094
CVE-2018-20094 affects XXL-CONF 1.6.0 via a path-traversal flaw in the keys parameter that can download arbitrary configuration files. The root cause is described as insufficient validation in ConfController.java and PropUtil.java, enabling an attacker to access sensitive configuration data. The ...