22 matches found
Changedetection.io <= 0.47.4 - Path Traversal
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...
CVE-2024-11315 TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
HughesNet HT2000W Satellite Modem Password Reset
Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Date: 7/16/24 Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib re...
DeepJavaLibrary API absolute path traversal
Summary DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions: 0.1...
CVE-2024-27770 Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-23: Relative Path Traversal
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal...
CVE-2023-6222 Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks...
GHSA-PXFV-7RR3-2QJG copyparty vulnerable to path traversal attack
Summary All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server. Details Unauthenticated users were able to retrieve any files which are accessible according to OS-level permissions from the copyparty process. Usually, this ...
Icinga Web 2.10 Arbitrary File Disclosure
#!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...
Honeywell Experion PKS and ACE Controllers Relative Path Traversal (CVE-2021-38399)
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
GHSA-XP3G-2729-RXM3 Froxlor is vulnerable to path traversal
Path Traversal: '..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0...
CVE-2022-45470 Apache Hama allows XSS and information disclosure
Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed...
CVE-2022-42188
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server...
CVE-2022-20220
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12 Android-12L Android...
PT-2022-6941 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.5.0 through 2.1.10 Argo CD versions 2.2.0 through 2.2.5 Argo CD versions 2.3.0 and earlier, excluding 2.3.0 Description: A path traversal vulnerability in Argo CD allows a malicious user with read/write access to leak...
Spoofing
"Sametime Android PathTraversal Vulnerability"...
CVE-2021-27753
CVE-2021-27753 corresponds to a path traversal vulnerability affecting HCL Sametime for Android. CNNVD reports multiple path traversal issues in Sametime Android. NVD data shows CVSS-3.1 base score 5.5 (MEDIUM) with local access, low attack complexity, and high integrity impact. The connected sou...
CVE-2021-27753
"Sametime Android PathTraversal Vulnerability"...
SpinetiX Fusion Digital Signage 3.4.8 Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage ...
Path Traversal
There is a vulnerability in actionpack_page-caching that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...
CVE-2020-5187
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2)...