127 matches found
GHSA-9VFC-QXC8-WRPQ ureport arbitrary file read vulnerability
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
ureport arbitrary file read vulnerability
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
CVE-2023-48848
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
Path traversal
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
CVE-2023-48848
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
PT-2023-30985 · Ureport · Ureport
Name of the Vulnerable Software and Affected Versions: ureport version 2.2.9 Description: An arbitrary file read issue allows a remote attacker to read files on the server by inserting a crafted path. Recommendations: For ureport version 2.2.9, at the moment, there is no information about a newer...
CVE-2023-48848
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
CVE-2023-48848
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...
PT-2023-4159 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: An issue was discovered in the download functionality, allowing an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacke...
The vulnerability of the curl command-line utility’s syntax lies in the improper replacement of the tilde symbol (~) when used as a prefix in the first element of a path. This allows an attacker to bypass filtering or execute arbitrary code.
The vulnerability of the curl command-line utility is related to the incorrect replacement of the tilde symbol when it is used as a prefix in the first element of a path. This occurs in addition to its supposed use as the first element for specifying a path relative to the user’s home directory...
CVE-2023-27534
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
CVE-2023-27534
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
CVE-2023-27534
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
SUSE CVE-2023-27534
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
UBUNTU-CVE-2023-27534
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
SUSE CVE-2018-5137
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects...
SUSE CVE-2021-40438
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2022-41720
A flaw was found in OS, net/http golang library. In Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted in a given directory. These functions permit access to Windows device files under that root. Fo...
PT-2022-16069 · Alpine · Alpine
Name of the Vulnerable Software and Affected Versions: Alpine versions prior to 1.10.4 Description: The issue concerns Alpine, a Java scaffolding library. It allows an Authentication Filter bypass, where the AuthenticationFilter relies on the request URI to determine if the user is accessing the...
gegl: shell expansion via a crafted pathname
Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity...