CVE-2020-36486

Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting XSS vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...

CVE-2020-23061

Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the list and download module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command...

CVE-2020-23042

Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting XSS vulnerability in the path parameter of the list and download module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...

CVE-2020-23042

Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting XSS vulnerability in the path parameter of the list and download module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...

CVE-2020-23038

Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables...

CVE-2020-23038

Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables...

Information disclosure

Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables...

Directory traversal

Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the list and download module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command...

Cross site scripting

Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting XSS vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...

CVE-2020-23038

CVE-2020-23038 affects Swift File Transfer Mobile v1.1.2 and earlier. A path traversal/info-disclosure vulnerability exists in the path parameter, triggered by an error caused by including non-existent path environment variables. The connected sources corroborate that an unauthorized attacker cou...

CVE-2020-36486

Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting XSS vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...

Swift File Transfer Mobile 跨站脚本漏洞

Swift File Transfer Mobile is an application by Kunal Mahajan Personal Developer. It is used to share installed applications, photos, files, folders and videos 8Mbps at high speed without using internet, data cable, mobile data, Wi-Fi, Nfc etc. A cross-site scripting vulnerability exists in Swift...

Directory traversal

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files or Cells files belonging to any user via the nodes parameter for Copy and Move or via the Path parameter for Delete...

CVE-2021-41324

CVE-2021-41324 affects Pydio Cells 2.2.9 and involves a directory traversal vulnerability in Copy, Move, and Delete features. A remote authenticated user can enumerate personal files or other users’ files via the nodes parameter (Copy/Move) or the Path parameter (Delete). Root cause is handling o...

Abstrium Pydio Cells 路径遍历漏洞

Abstrium Pydio Cells is a next-generation file sharing platform developed using the Go language by Abstrium France. A path traversal vulnerability exists in Abstrium Pydio Cells 2.2.9, which allows a remote authenticated user to pass the node parameter for copy and move or pass the path parameter...

CVE-2021-40712

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service...

CVE-2021-40712

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service...

Input validation

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service...

CVE-2021-40712

CVE-2021-40712 affects Adobe Experience Manager 6.5.x (6.5.9.0 and earlier). The issue is improper input validation on the path parameter, enabling an authenticated attacker to send a malformed POST that causes a server-side denial of service. Severity is reflected as MEDIUM (CVSS v3.1 base score...

Type confusion

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...