EUVD-2015-6400

Malware in sbrugna...

EUVD-2022-2796

Malicious code in bioql PyPI...

Hewlett Packard Enterprise Intelligent Management Center Service Operation Manager Module FileDownloadServlet filePath Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within Service Operation Manager Module's...

Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet fileName Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The...

General Electric MDS PulseNET FileDownloadServlet Directory Traversal (CVE-2015-6459)

A directory traversal vulnerability exists in the General Electric MDS PulseNET products. The vulnerability is due to insufficient validation in FileDownloadServlet. An unauthenticated remote attacker can exploit this vulnerability to read and then delete an arbitrary file on the system...

CVE-2015-6459

Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname...

Path traversal

Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname...

CVE-2015-6459

CVE-2015-6459 covers an absolute path traversal in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise FileDownloadServlet prior to version 3.1.5. The vulnerability arises from insufficient validation in the download function, allowing remote attackers to read or delete arbitrary files via...

GE MDS PulseNET FileDownloadServlet Directory Traversal Information Disclosure And Deletion Vulnerability

This vulnerability allows remote attackers to read and delete arbitrary files on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileDownloadServlet. By specifying a filename including directory...

CVE-2014-8114

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...

CVE-2014-8114

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...

HP Intelligent Management SOM FileDownloadServlet Arbitrary Download

This module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the FileDownloadServlet from the SOM component, in order to retrieve arbitrary files with SYSTEM privileges. This module has been tested successfully on HP Intelligent Management Center...