Lucene search
K

12 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 7:38 p.m.10 views

CVE-2026-8364

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS5.8AI score0.00305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:35 p.m.4 views

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

5.8AI score0.00206EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-49125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root...

7.5CVSS7.1AI score0.03163EPSS
Exploits0References3
OSV
OSV
added 2023/11/01 3:15 a.m.5 views

CVE-2023-5515

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...

5.3CVSS5.7AI score0.00377EPSS
Exploits0References1
OSV
OSV
added 2022/12/22 8:15 p.m.3 views

DEBIAN-CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

6.5CVSS6.5AI score0.0058EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.3 views

Huawei HarmonyOS 路径遍历漏洞

Huawei HarmonyOS is an operating system from Huawei China Inc. A path traversal vulnerability exists in Huawei HarmonyOS, which stems from the failure of the number identification module to properly filter special elements in the path of a resource or file. An attacker could exploit this...

7.5CVSS6.6AI score0.00721EPSS
Exploits0References4
CNVD
CNVD
added 2022/07/13 12:0 a.m.31 views

AutomatedQuizEval path traversal vulnerability

AutomatedQuizEval, an automated quiz evaluation system from the personal developer Sravani Boinepelli, suffers from a path traversal vulnerability that stems from the failure of Flask's sendfile function to properly filter special elements in resource or file paths, which could be exploited by...

9.3CVSS4.5AI score0.01164EPSS
Exploits1References1
OSV
OSV
added 2022/05/14 1:10 a.m.2 views

GHSA-6QR6-X7JM-X2Q6 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web...

4.3CVSS6.8AI score0.12555EPSS
Exploits0References45
CNVD
CNVD
added 2022/01/16 12:0 a.m.16 views

ChronoEngine ChronoForms Path Traversal Vulnerability

ChronoEngine ChronoForms is ChronoEngine company an easy to use and flexible Joomla form builder . A path traversal vulnerability exists in ChronoEngine ChronoForms that stems from the product failing to properly filter for special elements in the path of a resource or file. An attacker could use...

5.3CVSS5.1AI score0.08232EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/12/03 12:0 a.m.4 views

The vulnerability of Eclipse Jetty servlet containers, related to the lack of protection for service data, allows attackers to exploit the protected information.

The vulnerability of Eclipse Jetty servlet containers is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information by specifying the full path to the base resources in Windows...

5.3CVSS6.8AI score0.04016EPSS
Exploits0References8Affected Software8
RedHat Linux
RedHat Linux
added 2016/07/18 7:39 p.m.8 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3CVSS6.6AI score0.12555EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2009/11/03 12:0 a.m.7 views

Microsoft ASP.NET Resource Paths Canonicalization (MS05-004; CVE-2004-0847)

The .NET framework is a windows framework for building and running software. The framework supports a variety of programming languages. A component of this framework is ASP.NET which allows for the development of dynamic Web applications in different programming languages. A vulnerability exists ...

7.5CVSS9.2AI score0.75702EPSS
Exploits1
Rows per page
Query Builder