Lucene search
+L

157 matches found

atlassian
atlassian
added 2021/02/16 6:29 p.m.48 views

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 4.0.4 4.10.0 ≤ versi...

5.3CVSS5.8AI score0.0233EPSS
Exploits0
atlassian
atlassian
added 2021/01/21 5:58 p.m.158 views

Pre-Authorization Limited Arbitrary File Read in Jira Server - CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 8.5.11 8.6.0 ≤ version 8.13.3 8.14.0 ≤ versi...

5.3CVSS5.7AI score0.23086EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2021/01/19 12:0 a.m.7 views

Jointjs Security Vulnerability

A security vulnerability exists in jointjs before 3.3.0, which stems from the use of a path that accesses an object's key and sets a value that is not properly handled...

9.8CVSS5.8AI score0.01359EPSS
Exploits0References5
redhat
redhat
added 2020/12/01 12:5 p.m.5 views

php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

5.9CVSS7.4AI score0.08818EPSS
Exploits1References4
atlassian
atlassian
added 2020/11/10 12:3 a.m.386 views

Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. h3. Affected versions: version 6.13.18 6.14.0 ≤ version 7.4....

5.3CVSS6AI score0.99999EPSS
Exploits12Affected Software1
osv
osv
added 2020/08/17 1:15 p.m.10 views

UBUNTU-CVE-2020-13941

Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...

8.8CVSS7.3AI score0.03805EPSS
Exploits0References3
cnvd
cnvd
added 2020/06/02 12:0 a.m.2 views

Arbitrary File Deletion Vulnerability in Advantech WebAccessNode

Advantech WebAccessNode is a fully Internet Explorer based HMI/SCADA monitoring software. Advantech WebAccessNode suffers from an arbitrary file deletion vulnerability, which can be exploited by an attacker to delete files at any path within the system...

7AI score
Exploits0
debiancve
debiancve
added 2020/01/24 9:14 p.m.38 views

CVE-2019-1348

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...

3.6CVSS7.2AI score0.00427EPSS
Exploits0
osv
osv
added 2019/12/23 3:15 a.m.5 views

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

5.9CVSS6.8AI score
Exploits0References13
osv
osv
added 2019/12/23 3:15 a.m.3 views

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

7.5CVSS6.7AI score
Exploits0References5
cvelist
cvelist
added 2019/12/23 2:40 a.m.33 views

CVE-2019-11044 link() silently truncates after a null byte on Windows

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

3.7CVSS8.5AI score0.05124EPSS
Exploits2References5
kitploit
kitploit
added 2019/12/20 11:30 a.m.119 views

PathAuditor - Detecting Unsafe Path Access Patterns

The PathAuditor is a tool meant to find file access related vulnerabilities by auditing libc functions. The idea is roughly as follows: Audit every call to filesystem related libc functions performed by the binary. Check if the path used in the syscall is user-writable. In this case an unprivileg...

7CVSS6.9AI score0.00253EPSS
Exploits0References1
osv
osv
added 2019/10/29 12:15 p.m.5 views

USN-4167-1 samba vulnerabilities

Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. CVE-2019-10218 Simon...

6.5CVSS6.3AI score0.03515EPSS
Exploits1References4
osv
osv
added 2019/08/29 1:15 a.m.3 views

UBUNTU-CVE-2019-11246

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is...

6.5CVSS6.8AI score0.03616EPSS
Exploits0References3
debiancve
debiancve
added 2019/07/30 10:14 p.m.41 views

CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...

8.8CVSS8.8AI score0.00516EPSS
Exploits0
redhat
redhat
added 2019/07/15 12:45 p.m.29 views

Mozilla: Same-origin policy treats all files in a directory as having the same-origin

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

6.5CVSS7.3AI score0.20271EPSS
Exploits0References5
osv
osv
added 2019/06/27 5:15 p.m.2 views

UBUNTU-CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension...

4.3CVSS6.7AI score0.00785EPSS
Exploits0References3
nvd
nvd
added 2019/05/22 6:29 p.m.25 views

CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...

7.5CVSS7.4AI score0.59832EPSS
Exploits1References2
exploitdb
exploitdb
added 2019/03/28 12:0 a.m.63 views

WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion

Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate/ Version: Version 2.2.1 Tested on: Debian GNU/Linux 9 Docker...

7.4AI score
Exploits0
osv
osv
added 2018/07/13 8:29 p.m.6 views

CVE-2016-9497

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many...

8.8CVSS5.8AI score0.02214EPSS
Exploits0References2
Rows per page
Query Builder