Lucene search
K

374 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 9:7 p.m.17 views

CVE-2003-0802

Nokia Electronic Documentation NED 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . dot...

5CVSS6.8AI score0.05995EPSS
Exploits1References1
NVD
NVD
added 2025/04/28 9:15 p.m.24 views

CVE-2025-0049

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

4.3CVSS0.00213EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 9:15 p.m.3 views

CVE-2025-0049

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2025/04/28 8:55 p.m.67 views

CVE-2025-0049

CVE-2025-0049 affects Fortra GoAnywhere before version 7.8.0. The vulnerability stems from an error message returned when a web user without Create permission on subfolders uploads a file to a non-existent directory; the message may expose the absolute server path, which could enable fuzzing for ...

4.3CVSS4.1AI score0.00213EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2025/02/19 9:17 p.m.1481 views

Autodesk: Exposing debug.log file leads to server full path disclosure

Vulnerability description not provided...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/09 1:20 a.m.5 views

CVE-2025-1086

A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to th...

6.9CVSS6.8AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2024/10/29 9:30 a.m.14 views

GHSA-762G-9P7F-MRWW Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks...

5.1CVSS4.8AI score0.00149EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/24 7:47 a.m.34 views

CVE-2024-6049 Unauthenticated Path Traversal

The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...

0.04325EPSS
Exploits1References2
Hacker One
Hacker One
added 2024/10/12 7:9 a.m.6 views

Nextcloud: Exposing debug.log file leads to server full path disclosure

The debug.log file on the nextcloud.com website was publicly accessible and contained sensitive information, including the server's full directory path. This type of information disclosure could have assisted attackers in understanding the internal structure of the server...

6.3AI score
Exploits0
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.6 views

Agnaistic 安全漏洞

Agnaistic is a chatbot from Agnaistic Open Source. A security vulnerability exists in Agnaistic version 1.0.330 and earlier versions. An attacker can exploit the vulnerability to upload arbitrary files to any location on the server...

8.8CVSS6.7AI score0.00785EPSS
Exploits0References2
CVE
CVE
added 2024/08/17 8:54 a.m.178 views

CVE-2024-42271

CVE-2024-42271 affects the Linux kernel’s IUCV subsystem. The issue is a use-after-free in iucv_sock_close() and iucv_sever_path() caused by a race on severing the path, with iucv_path_sever being called from both process and bh contexts. Without atomic compare-and-swap, a window may exist where ...

7.8CVSS6.7AI score0.00235EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/08/15 2:15 p.m.4 views

CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...

5.5CVSS5.8AI score0.00301EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/08/15 12:0 a.m.3 views

Super easy enterprise management system 安全漏洞

Super easy enterprise management system is a comprehensive enterprise management software designed to help organizations improve their operational efficiency and management level. A security vulnerability exists in Super easy enterprise management system version v.1.0.0, which can be exploited to...

5.5CVSS6.7AI score0.00301EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.4 views

PT-2024-30106 · Unknown · Super Easy Enterprise Management System

Name of the Vulnerable Software and Affected Versions: Super easy enterprise management system versions 1.0.0 and earlier Description: An issue in the system allows a local attacker to obtain the server absolute path by entering a single quotation mark. This can be exploited to gain sensitive...

5.5CVSS6.8AI score0.00301EPSS
Exploits1References9
Veracode
Veracode
added 2024/08/13 8:16 a.m.11 views

Path Traversal

typo3/cms is vulnerable to Path Traversal. The vulnerability is caused due to a missing path validation while accessing the PHP scripts for testing purposes. This can lead to disclosure of the absolute server path to the TYPO3 installation...

7AI score
Exploits0
OSV
OSV
added 2024/07/24 7:15 a.m.2 views

CVE-2024-6553

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3.This is due to the plugin utilizing wpdesk and leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00373EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.29 views

RHEL 7 : jetty (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty: Timing channel attack in util/security/Password.java CVE-2017-9735 - jetty: full server path...

7.5CVSS7.4AI score0.05795EPSS
Exploits1References3
OSV
OSV
added 2024/05/30 9:16 p.m.11 views

GHSA-PQFV-97HJ-G97G TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure

It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation...

5.3CVSS7.1AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/30 9:16 p.m.13 views

TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure

It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation...

7.1AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.4 views

PT-2024-40408 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: A issue has been found where calling a PHP script, delivered with TYPO3 for testing purposes, reveals the absolute server path to the TYPO3 installation. Recommendations: At the moment, there...

5.3CVSS7AI score
Exploits0References6
Rows per page
Query Builder