716 matches found
CVE-2023-36255
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4: the path parameter of /ajaxGetFileByPath.php is subject to server-side request forgery (SSRF), allowing an authenticated attacker to make arbitrary requests by...
Eramba Code Injection Vulnerability
Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. Eramba version 3.19.1 suffers from a code injection vulnerability that originates in the Eramba web application that allows code...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4: the pathb parameter in the doDiff function of /classes/compareClass.php is subject to server-side request forgery (SSRF), which allows an authenticated attacker to...
Directory Traversal
nocodb is vulnerable to Directory Traversal. The vulnerability exists in the fileRead function of attachments.controller.ts and attachment.ctl.ts files, which allows an attacker to fetch arbitrary files on the server by manipulating the path parameter of the /download route, resulting in the...
Cross-Site Scripting (XSS)
org.alluxio:alluxio-parent is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser via the path parameter in the browse...
CVE-2020-21485
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to execute arbitrary code via the path parameter in the browse board component...
PT-2023-11589 · Alluxio · Alluxio
Name of the Vulnerable Software and Affected Versions: Alluxio version 1.8.1 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the path parameter in the "browse board component". Recommendations: For Alluxio version 1.8.1, consider restricting access...
Alluxio Cross-Site Scripting Vulnerability
Alluxio is software from Alluxio for increasing the speed of end-to-end distributed machine learning in the cloud. A cross-site scripting (XSS) vulnerability exists in Alluxio version v.1.8.1, which can be exploited by a remote attacker to execute arbitrary code via the path parameter in the browse board component...
CVE-2023-3239
A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument img leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be...
Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting
PYSEC-2023-70
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
CVE-2023-30172
A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow version v2.0.1 and earlier versions. An attacker exploiting this vulnerability can read arbitrary files on the server via the path parameter...
http_server Cross-Site Scripting Vulnerability
http_server is an HTTP server utility class. A cross-site scripting (XSS) vulnerability exists in Dart http_server 0.9.5 and earlier versions, which stems from the request.uri.path parameter...