CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

6.5CVSS6.8AI score0.02769EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 5:10 a.m.•1 views

SUSE CVE-2015-9275

ARC 5.21q allows directory traversal via a full pathname in an archive file...

5.3CVSS7AI score0.02378EPSS

Exploits1References4

OSV•added 2022/05/24 5:21 p.m.•3 views

GHSA-M2CH-X2Q7-2284 Mattermost Server allows an attacker to specify a full pathname of a log file

An issue was discovered in Mattermost Server before 3.7.5. It allows an attacker to specify a full pathname of a log file...

8.8CVSS5.5AI score0.01387EPSS

Exploits0References4

Github Security Blog•added 2022/05/17 4:12 a.m.•18 views

ImpressCMS Path Traversal to Arbitrary File Delete

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...

6.4CVSS6.9AI score0.03711EPSS

Exploits3References7Affected Software1

OSV•added 2022/05/17 4:12 a.m.•12 views

GHSA-WCJ4-FF9M-5R7G ImpressCMS Path Traversal to Arbitrary File Delete

6.4CVSS6.5AI score0.03711EPSS

Exploits3References6

Prion•added 2022/01/10 2:10 p.m.•24 views

Directory traversal

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL SNIPPETS and loadfile operations on a full pathname e.g., a file in the /etc directory. NOTE: this is unrelated to CMUSphinx...

5CVSS7.3AI score0.02166EPSS

Exploits2References3Affected Software2

NVD•added 2021/08/09 7:15 p.m.•30 views

CVE-2015-2074

The File Repository Server FRS CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681...

7.5CVSS0.03499EPSS

Exploits1References4

Prion•added 2021/08/09 7:15 p.m.•20 views

Design/Logic Flaw

The File Repository Server FRS CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681...

5CVSS7.2AI score0.03499EPSS

Exploits1References4Affected Software1

Cvelist•added 2020/06/19 6:45 p.m.•23 views

CVE-2017-18912

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file...

9.3AI score0.01387EPSS

Exploits0References1

NVD•added 2020/05/04 2:15 p.m.•31 views

CVE-2019-12864

SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query...

5.5CVSS5.5AI score0.00466EPSS

Exploits1References2

RedhatCVE•added 2019/10/04 9:26 p.m.•24 views

CVE-2009-0842

mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink...

10CVSS6.2AI score0.09011EPSS

Exploits7References3

OSV•added 2019/09/27 11:15 a.m.•5 views

CVE-2019-16902

In the ARforms plugin 3.7.1 for WordPress, arfdeletefile in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname...

7.5CVSS7.2AI score0.09726EPSS

Exploits5References2