134 matches found
CVE-2023-27792
An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories...
CVE-2022-27665
Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...
SUSE CVE-2009-3894
Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in 1 the current working directory or 2 a certain subdirectory of the current working directory...
SUSE CVE-2011-1836
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...
SUSE CVE-2020-12062
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...
SUSE CVE-2020-12415
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox 78...
SUSE CVE-2021-3178
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attac...
SUSE CVE-2022-4123
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality...
VulnCheck KEV: CVE-2009-2521
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services IIS 5.0 through 7.0 allows remote authenticated users to cause a denial of service daemon crash via a list ls -R command containing a wildcard that references a subdirectory, followed by a...
Authentication flaw
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
CVE-2022-4417
CVE-2022-4417 affects the WordPress plugin WP Cerber Security, Anti-spam & Malware Scan older than 9.3.3. The issue is improper access control of the REST API users endpoint when the blog is hosted in a subdirectory, enabling potential user enumeration. The practical impact is limited to informat...
CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
PT-2023-14432 · WordPress · Wp Cerber Security
Name of the Vulnerable Software and Affected Versions: WP Cerber Security, Anti-spam & Malware Scan WordPress plugin versions prior to 9.3.3 Description: The issue concerns improper access control to the REST API users endpoint when the blog is in a subdirectory. This could allow attackers to...
WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API
The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users PoC When the "Block access to users' data via REST API" settings is enabled...
UBUNTU-CVE-2022-4123
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality...
Buildah has unspecified vulnerabilities
Bulidah is an open source, Linux-based tool from Containers open source. It is used to build containers that are compatible with the Open Container Initiative OCI.Containers Buildah suffers from a security vulnerability. An attacker could exploit the vulnerability to cause local path and...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2392)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.2 : openssh (EulerOS-SA-2021-2153)
According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which...
Akkadian Provisioning Manager 安全漏洞
Akkadian Provisioning Manager is a provisioning solution from Akkadian USA for new integrations for more robust provisioning automation. A security vulnerability exists in Akkadian Provisioning Manager 4.50.02 that allows an attacker to view sensitive information in the pme subdirectory...
Security Bulletin: Eclipse Jetty Vulnerability Affects IBM Control Center (CVE-2020-27216)
Summary Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in th...