14 matches found
CVE-2026-61432
PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...
EUVD-2026-42898
PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...
CVE-2026-61432 PraisonAI FastContext before 1.6.78 Path Traversal
PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...
GRR 4.0.0.0
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...
EUVD-2018-0220
Malware in sbrugna...
SUSE CVE-2011-4940
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
Exploit for Cross-site Scripting in F5 Big-Ip_Access_Policy_Manager
CVE-2020-5902 RCE /tmui/login.jsp/..;/tmui/locallb/workspac...
Directory traversal
Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...
CVE-2018-13322
Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...
python: potential XSS in SimpleHTTPServer's list_directory()
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
OpenJDK allows to list files within the user home directory (6484091)
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors...
CVE-2008-1606
Multiple directory traversal vulnerabilities in Elastic Path EP 4.1 and 4.1.1 allow remote attackers to 1 download arbitrary files via a .. dot dot in the file parameter to manager/getImportFileRedirect.jsp, 2 upload arbitrary files via a ".." dot dot backslash in the file parameter to...
Directory traversal
Multiple directory traversal vulnerabilities in Elastic Path EP 4.1 and 4.1.1 allow remote attackers to 1 download arbitrary files via a .. dot dot in the file parameter to manager/getImportFileRedirect.jsp, 2 upload arbitrary files via a ".." dot dot backslash in the file parameter to...
CVE-2005-3293
Xerver 4.17 allows remote attackers to 1 obtain source code of scripts via a request with a trailing "." dot or 2 list directory contents via a trailing null character...