DEBIAN-CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

UBUNTU-CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

PT-2020-5502 · Spring · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 4.3.0 through 4.3.28 Spring Framework versions 5.0.0 through 5.0.18 Spring Framework versions 5.1.0 through 5.1.17 Spring Framework versions 5.2.0 through 5.2.8 Description: The issue is related to insecure privilege...

Reflected File Download (RFD) Attack

spring-web is vulnerable to Reflected File Download RFD attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the jsessionid path parameter...

CVE-2020-22158

MediaKind formerly Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker...

rConfig Directory Traversal Vulnerability

rConfig is an open source network configuration management utility . A directory traversal vulnerability exists in rConfig version 3.9.5, which can be exploited to view arbitrary files on a system by sending a request to the ajaxGetFileByPath.php script with a 'path' parameter with the sequence...

BugPoC: Improper use of "path" parameter can be used to trick testers into leaking their Front-End PoC

Summary: In https://bugpoc.com/testers/front-end, the populateFromFragment function incorrectly assigns hash parameter path to the subdomain element, allowing the "Test" functionality of the Front-End PoC Generator to open a popup on any domain instead of the expected web.bugpoc.ninja. It can be...

CVE-2020-14946

downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath...

Command Injection

Overview diskusage-ng is a package that get disk usage info in pure JavaScript and without any dependencies. Affected versions of this package are vulnerable to Command Injection. The argument path can be controlled by users without any sanitization. PoC var root = require"diskusage-ng"; root...

CVE-2018-16356

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter...

Code injection

NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter...

Command injection

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

CVE-2019-17322

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that...

Directory traversal

The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter...

SUSE-SU-2019:2227-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVE-2019-10717

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...

CVE-2019-10717

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...