33 matches found
ElasticSearch <1.6.1 - Local File Inclusion
ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. id: CVE-2015-5531 info: name: ElasticSearch 1.6.1 - Local File Inclusion author: princechaddha severity: medium description: ElasticSearch before 1.6.1 allows remote...
CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...
EUVD-2018-15613
Malware in sbrugna...
EUVD-2022-3784
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2015-5531
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls...
CVE-2024-3078
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 i...
Qdrant Path Traversal Vulnerability
Qdrant is a vector similarity search engine and vector database. A path traversal vulnerability exists in Qdrant, which stems from a path traversal vulnerability in the component Full Snapshot REST API. Affected products and versions: Qdrant 1.6.1 and earlier, 1.7.4 and earlier, 1.8.2 and earlier...
GHSA-FH5X-4J57-6Q5X Improper Access Control in Elasticsearch
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and...
Improper Access Control in Elasticsearch
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and...
GHSA-JJQ8-VFJQ-J6V4 Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls...
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls...
Exploit for Missing Authentication for Critical Function in Grafana
CVE-2019-15043 POC Description Proof of concept scan to c...
grafana: incorrect access control in snapshot HTTP API leads to denial of service
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana...
CVE-2018-3826
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the snapshot API. When the accesskey and securitykey parameters are set using the snapshot API they can be exposed as plain text by users able to query the snapshot API...
CVE-2015-4165
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and...
UBUNTU-CVE-2015-4165
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and...
Code injection
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and...
CVE-2015-4165
Elasticsearch CVE-2015-4165 affects versions 1.0.0 through 1.5.2. The vulnerability leverages the snapshot API to place writeable snapshot metadata files in locations read by another application, which could lead to arbitrary code execution when the Java VM running Elasticsearch can write to such...