Lucene search
+L

127 matches found

OSV
OSV
added 2023/11/28 6:30 p.m.26 views

GHSA-9VFC-QXC8-WRPQ ureport arbitrary file read vulnerability

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

7.5CVSS7.2AI score0.00948EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/11/28 6:30 p.m.38 views

ureport arbitrary file read vulnerability

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

7.5CVSS6.5AI score0.00948EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/11/28 5:15 p.m.19 views

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

7.5CVSS0.00948EPSS
Exploits0References1
Prion
Prion
added 2023/11/28 5:15 p.m.20 views

Path traversal

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

5CVSS7.1AI score0.00948EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/28 12:0 a.m.11 views

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

7.1AI score0.00948EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.8 views

PT-2023-30985 · Ureport · Ureport

Name of the Vulnerable Software and Affected Versions: ureport version 2.2.9 Description: An arbitrary file read issue allows a remote attacker to read files on the server by inserting a crafted path. Recommendations: For ureport version 2.2.9, at the moment, there is no information about a newer...

7.5CVSS7AI score0.00948EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/11/28 12:0 a.m.30 views

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

7.5AI score0.00948EPSS
Exploits0References1
OSV
OSV
added 2023/11/28 12:0 a.m.21 views

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

7.5CVSS7.4AI score0.00948EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.11 views

PT-2023-4159 · Webmin +1 · Webmin +1

Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: An issue was discovered in the download functionality, allowing an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a crafted download path containing a malicious payload, an attacke...

6.4CVSS5.8AI score0.00533EPSS
Exploits1References10
BDU FSTEC
BDU FSTEC
added 2023/04/17 12:0 a.m.5 views

The vulnerability of the curl command-line utility’s syntax lies in the improper replacement of the tilde symbol (~) when used as a prefix in the first element of a path. This allows an attacker to bypass filtering or execute arbitrary code.

The vulnerability of the curl command-line utility is related to the incorrect replacement of the tilde symbol when it is used as a prefix in the first element of a path. This occurs in addition to its supposed use as the first element for specifying a path relative to the user’s home directory...

3.7CVSS7.1AI score0.02195EPSS
Exploits1References14Affected Software8
NVD
NVD
added 2023/03/30 8:15 p.m.20 views

CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

8.8CVSS8.9AI score0.02195EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/03/30 12:0 a.m.33 views

CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

9.2AI score0.02195EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2023/03/21 1:13 p.m.62 views

CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

3.7CVSS9.3AI score0.02195EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/03/21 3:13 a.m.3 views

SUSE CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

4.5CVSS8.9AI score0.02195EPSS
Exploits1References94
OSV
OSV
added 2023/03/20 12:0 a.m.4 views

UBUNTU-CVE-2023-27534

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

8.8CVSS7.1AI score0.02195EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.4 views

SUSE CVE-2018-5137

A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects...

7.5CVSS8.3AI score0.01679EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.9 views

SUSE CVE-2021-40438

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

7.5CVSS8.7AI score0.99999EPSS
Exploits5References9
RedhatCVE
RedhatCVE
added 2023/01/16 1:5 p.m.68 views

CVE-2022-41720

A flaw was found in OS, net/http golang library. In Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted in a given directory. These functions permit access to Windows device files under that root. Fo...

7.5CVSS2.3AI score0.0119EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.10 views

PT-2022-16069 · Alpine · Alpine

Name of the Vulnerable Software and Affected Versions: Alpine versions prior to 1.10.4 Description: The issue concerns Alpine, a Java scaffolding library. It allows an Authentication Filter bypass, where the AuthenticationFilter relies on the request URI to determine if the user is accessing the...

6.5CVSS7.1AI score0.00659EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2022/01/19 10:4 a.m.6 views

gegl: shell expansion via a crafted pathname

Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity...

7.8CVSS6.1AI score0.01439EPSS
Exploits0References4
Rows per page
Query Builder