1177 matches found
Path traversal
The Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24;...
CVE-2021-40338 OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product
The Hitachi Energy LinkOne product has a vulnerability due to a web server misconfiguration that enables debug mode and reveals the full path of the filesystem directory when an attacker generates errors during a query operation. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24;...
CVE-2021-40338
Hitachi Energy LinkOne WebView is affected by CVE-2021-40338 due to a web server misconfiguration that enables debug mode and reveals the full filesystem directory path when errors occur during a query. Affected versions are LinkOne WebView 3.20, 3.22, 3.23, 3.24, 3.25, and 3.26. The issue can di...
Hitachi Energy LinkOne Authorization Issue Vulnerability
Hitachi Energy LinkOne is an enterprise graphical parts catalog and content delivery solution from Hitachi Energy, Switzerland. It is used to publish, view and find spare parts for complex equipment and assemblies. A security vulnerability exists in Hitachi Energy LinkOne, which stems from a web...
PT-2022-11217 · Hitachi Energy · Hitachi Energy Linkone
Name of the Vulnerable Software and Affected Versions: Hitachi Energy LinkOne versions 3.20 through 3.26 Description: The issue is caused by a web server misconfiguration that enables debug mode. When an attacker generates errors during a query operation, the full path of the filesystem directory...
Cisco StarOS Security Vulnerability
Cisco StarOS is a virtualized operating system from Cisco. A security vulnerability exists in Cisco StarOS that stems from debug mode being incorrectly enabled for certain services. A remote attacker could use this vulnerability to connect to a device, navigate to a debug mode enabled service, and...
Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 CVSS scor...
Vulnerabilities fixed in Cisco StarOS Software
Cisco has fixed vulnerabilities in StarOS, the operating system of a series of Aggregation Services Routers (ASR). Because the debug mode was misconfigured, a remote malicious party may be able to access sensitive information and may be able to execute arbitrary code under the root privileges of th...
PT-2022-2313 · Cisco · Cisco Rcm For Cisco Staros
Name of the Vulnerable Software and Affected Versions: Cisco RCM for Cisco StarOS Software (affected versions not specified). Description: The issue exists due to the incorrect enabling of debug mode for specific services, allowing an unauthenticated, remote attacker to perform remote code execution...
VulnCheck KEV: CVE-2020-10826
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...
Path Traversal in rust-embed
When running in debug mode and the debug-embed (off by default) feature is not enabled, the generated get method does not check that the input path is a child of the folder given. This allows attackers to read arbitrary files in the file system if they have control over the filename given. The...
GHSA-XRG3-HMF3-RVGW Path Traversal in rust-embed
When running in debug mode and the debug-embed (off by default) feature is not enabled, the generated get method does not check that the input path is a child of the folder given. This allows attackers to read arbitrary files in the file system if they have control over the filename given. The...
rust-embed directory traversal vulnerability
rust-embed is a crate for embedding static assets into Rust binaries. rust-embed versions prior to 6.3.0 have a security vulnerability that attackers can exploit in debug mode to cause directory traversal...
CVE-2021-45712
An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode...
Directory traversal
An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode...
CVE-2021-45712
The CVE-2021-45712 entry affects the rust-embed crate for Rust prior to 6.3.0. In debug mode, a path traversal vulnerability occurs in the generated Asset::get method when the input path isn’t properly constrained, allowing ‘..’ segments to access files outside the assets folder. Documented analyses (OSV/RUS...
MTN Group: Information disclosure through django debug mode
Summary: Your domain https://szezvzorilla.mtn.co.sz was disclosing information through Django debug mode enabled. Steps To Reproduce: Visit https://szezvzorilla.mtn.co.sz/NONEXISTINGPATH/ You will see the information of debugging Supporting Material/References: F1555934 attachment / reference Impact...
Medium: docker
Issue Overview: Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemonunix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. CVE-2018-20699 A command injectio...