14 matches found
EUVD-2004-2489
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without...
Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
CVE-2021-41242
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
Path traversal
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
Information Disclosure
undertow-servlet is vulnerable to information disclosure. A remote attacker is able to discover directory structures using requests without trailing slashes via the API...
CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
DEBIAN-CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
CVE-2010-0105
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service filesystem corruption via a crafted application that calls the mkdir a...
CVE-2004-2498
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors...
WU-FTPD fb_realpath() Function Off-by-one Overflow
The remote WU-FTPD server seems to be vulnerable to an off-by-one overflow when dealing with huge directory structures. An attacker may exploit this flaw to obtain a shell on this host. Note that Nessus has solely relied on the banner of the remote server to issue this warning so it may be a...