VulnCheck KEV: CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow...

GHSA-W6X2-JG8H-P6MP Path Traversal in TYPO3 File Abstraction Layer Storages

Problem Configurable storages using the local driver of the File Abstraction Layer FAL could be configured to access directories outside of the root directory of the corresponding project. The system setting in BE/lockRootPath was not evaluated by the file abstraction layer component. An...

UBUNTU-CVE-2024-23334

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

Arbitrary File Read

vite is vulnerable to Arbitrary File Read. The vulnerability exists due to improper file path sanitization, allowing an attacker to access files from the root path. Note this vulnerability is only applicable if the vite dev server is hosted on the network...

Vite 安全漏洞

Vite is a new front-end building tool from Vite open source. A security vulnerability exists in Vite versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9. An attacker exploits the vulnerability to read files from the application's Vite root path...

SUSE CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

SUSE CVE-2018-11803

Subversion's moddavsvn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation...

CVE-2023-24689

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...

CVE-2022-43514

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected component does not correctly validate the root path on folder related operations, allowing to...

Apache Tomcat Leaks Information via Error Message

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message...

GHSA-R6CF-CR44-M8RR Apache Tomcat Leaks Pathname Information via Error Message

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by 1 +/, 2 /, 3 /, and 4 %20/, which leaks the pathname in an error message...

Apache Tomcat Leaks Pathname Information via Error Message

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by 1 +/, 2 /, 3 /, and 4 %20/, which leaks the pathname in an error message...

Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path

Exploit Title: Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/ubackitfull8767.exe Tested Version: 2.0.5 Vulnerability Type: Unquoted...

Information disclosure

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated...

PT-2021-3425 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to insufficient input validation, which could allow a remote attacker to access confidential...

The vulnerability of QTS web servers for operating systems and QNAP network storage devices allows a hacker to execute arbitrary code.

The vulnerability of the QTS web server for operating systems and QNAP network storage devices is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via CGI scripts from the /mnt/HDAROOT/home/httpd/cgi-bin...

Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path

Exploit Title: Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-16 Vendor Homepage: https://www.security.honeywell.com/product-repository/winpak Software Links : https://www.security.honeywell.com/product-repository/winpak WinPackPr...

Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path

Exploit Title: Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path Discovery by: Carlos Roa Discovery Date: 2020-11-07 Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home Tested Version: 5.1.0.8 Vulnerability Type: Unquoted Service Path Tested on O...

AVAST SecureLine 5.5.522.0 Unquoted Service Path

Exploit Title: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-24 Vendor Homepage:https://www.avast.com/ Software Link :https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx Tested Version: 5.5.522.0...

Deep Instinct Windows Agent 1.2.29.0 - (DeepMgmtService) Unquoted Service Path Vulnerability

Exploit Title: Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path Discovery by: Oscar Flores Vendor Homepage: https://www.deepinstinct.com/ Software Links :...