12 matches found
NewStart CGSL MAIN 6.06 : perl Multiple Vulnerabilities (NS-SA-2025-0211)
The remote NewStart CGSL host, running version MAIN 6.06, has perl packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count...
PYSEC-2025-118
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List ACL for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...
Directory Traversal
Overview spatie/browsershot is a library for converting a webpage to an image or pdf using headless Chrome. Affected versions of this package are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read...
Huawei HarmonyOS/EMUI File Path Bypass Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei EMUI is Huawei's emotional operating system based on Android. A file path bypass vulnerability exists in Huawei HarmonyOS/EMUI, which stems from a file path bypass vulnerability in email. ...
CVE-2024-27318
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
The vulnerability of the MSExchangeMailboxAssistants service on Microsoft Exchange Server allows attackers to escalate their privileges.
The vulnerability of the MSExchangeMailboxAssistants service in Microsoft Exchange Server lies in the possibility of bypassing the file path. Exploiting this vulnerability can allow an attacker to enhance their privileges by specifying a file path without quotes...
The vulnerability of the MSExchangeADTopology service of the Microsoft Exchange Server allows a hacker to increase their privileges.
The vulnerability of the MSExchangeADTopology service of the Microsoft Exchange Server lies in the possibility of bypassing the file path. Exploiting this vulnerability can allow an attacker to enhance their privileges by specifying a file name without quotes...
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path
A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...
PT-2021-5285 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier Description: The issue is related to a bypass of the file path filtering mechanism in Jenkins, allowing an attacker to impact the confidentiality, integrity, and availabilit...
[USN-2658-1] PHP vulnerabilities
========================================================================== Ubuntu Security Notice USN-2658-1 July 06, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...