2130 matches found
Jenkins Plugin Report Info security vulnerability
Jenkins and Jenkins Plugin are both open source products of Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software ... A security...
CVE-2024-4388
This does not validate a path generated with user input when downloading files, allowing an unauthenticated user to download arbitrary files from the server...
CVE-2024-4388
CVE-2024-4388 affects the WordPress CAS plugin (versions <= 1.0.0). The vulnerability arises from a failure to validate a user-supplied path when downloading files, enabling an unauthenticated attacker to download arbitrary server files via endpoints like download.php?path=.... Several connect...
CVE-2024-4442
The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete...
PT-2024-38572 · Bit Form · The Contact Form By Bit Form
Name of the Vulnerable Software and Affected Versions: The Contact Form by Bit Form versions 2.0 through 2.13.9 Description: The issue is related to insufficient file path validation in multiple functions, allowing authenticated attackers with Administrator-level access and above to read and dele...
PT-2024-30585 · WordPress · Startklar Elementor Addons
Name of the Vulnerable Software and Affected Versions: Startklar Elementor Addons plugin for WordPress versions up to, and including, 1.7.13 Description: The issue arises from the plugin not properly validating the path of an uploaded file prior to deleting it, making it possible for...
CVE-2023-51603
Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerabili...
CVE-2023-40498
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...
CVE-2023-39459
Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in...
CVE-2023-34298
Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target...
LG Simple Editor security vulnerability
LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...
A10 Networks Thunder ADC security vulnerability
A10 Networks Thunder ADC is an application distribution/load balancer from A10 Networks that provides high performance. A10 Networks Thunder ADC has a security vulnerability that originates from failure to properly validate user-supplied paths before using them, a directory traversal and...
A10 Networks Thunder ADC security vulnerability
A10 Networks Thunder ADC is an application distribution/load balancer from A10 Networks that provides high performance. A10 Networks Thunder ADC has a security vulnerability that originates from failure to properly validate user-supplied paths before using them, a directory traversal and arbitrar...
Pulse Secure Client security vulnerability
Pulse Secure Client is a suite of client software from Pulse Secure USA for end devices that access the Pulse Secure gateway. A security vulnerability exists in Pulse Secure Client that stems from failure to properly validate a user-supplied path before using it in a file operation, allowing a...
Honeywell Saia PG5 Controls Suite security vulnerability
Honeywell Saia PG5 Controls Suite is a control system software for industrial automation and building automation from Honeywell USA. A security vulnerability exists in Honeywell Saia PG5 Controls Suite that originates from failure to properly validate a user-supplied path before using it in a fil...
RHEL 7 : java-1.8.0-ibm (RHSA-2024:0879)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0879 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
CVE-2024-1560
CVE-2024-1560 affects mlflow/mlflow prior to 2.9.2, in the artifact deletion path. A double decoding flaw in _delete_artifact_mlflow_artifacts and local_file_uri_to_path, via an extra unquote in delete_artifacts, allows path traversal and deletion of arbitrary server directories. Impact: high, wi...
ZenML security vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A directory traversal vulnerability exists in ZenML version 0.55.4, which stems from a lack of validity checking of a program's paths when processing directory requests, and can ...