Lucene search

8 matches found

GitHub Security Blog
added 2026/04/10 7:50 p.m., 6 views

xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern

Summary: A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. (specifically, without a trailing slash) to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...

AI score: 5.9
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-34759

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.4, EPSS: 0.0082
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 1:8 a.m., 9 views

CVE-2022-2501

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing; proper permissions are still required...

CVSS: 7.5, AI score: 6.5, EPSS: 0.0082
Exploits: 0, References: 1
OSV
added 2025/04/23 4:15 p.m., 1 views

ALPINE-CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

CVSS: 3.3, AI score: 6.8, EPSS: 0.00149
Exploits: 0, References: 1
ATTACKERKB
added 2025/04/23 4:15 p.m., 6 views

CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

CVSS: 3.3, AI score: 7.1, EPSS: 0.00149
Exploits: 0, References: 4
OSV
added 2025/04/23 4:15 p.m., 1 views

UBUNTU-CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

CVSS: 3.3, AI score: 7.1, EPSS: 0.00149
Exploits: 0, References: 6
OSV
added 2020/01/14 2:15 p.m., 4 views

CVE-2020-5196

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download or unzip and upload files. There are multiple ways to bypass certain...

CVSS: 8.1, AI score: 7.3, EPSS: 0.01204
Exploits: 1, References: 3
NVD
added 2002/05/31 4:0 a.m., 21 views

CVE-2002-0300

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file...

CVSS: 5, AI score: 6.7, EPSS: 0.07331
Exploits: 0, References: 5