Lucene search
K

134 matches found

OSV
OSV
added 2023/10/19 9:15 p.m.4 views

CVE-2023-27792

An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories...

7.8CVSS5.8AI score0.00221EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/04/03 2:15 p.m.3 views

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

6.1CVSS6.3AI score0.33112EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.4 views

SUSE CVE-2009-3894

Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in 1 the current working directory or 2 a certain subdirectory of the current working directory...

4.4CVSS7.2AI score0.0034EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.3 views

SUSE CVE-2011-1836

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...

4.6CVSS6.6AI score0.00378EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.2 views

SUSE CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS8.2AI score0.02267EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.4 views

SUSE CVE-2020-12415

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox 78...

6.5CVSS8.1AI score0.01272EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.3 views

SUSE CVE-2021-3178

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attac...

6.5CVSS6.5AI score0.02417EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.3 views

SUSE CVE-2022-4123

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality...

3.3CVSS6.4AI score0.00238EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2023/02/14 12:0 a.m.3 views

VulnCheck KEV: CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services IIS 5.0 through 7.0 allows remote authenticated users to cause a denial of service daemon crash via a list ls -R command containing a wildcard that references a subdirectory, followed by a...

5CVSS5.8AI score0.82265EPSS
Exploits9References1
Prion
Prion
added 2023/01/02 10:15 p.m.17 views

Authentication flaw

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

5CVSS5.3AI score0.00671EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/01/02 9:49 p.m.67 views

CVE-2022-4417

CVE-2022-4417 affects the WordPress plugin WP Cerber Security, Anti-spam & Malware Scan older than 9.3.3. The issue is improper access control of the REST API users endpoint when the blog is hosted in a subdirectory, enabling potential user enumeration. The practical impact is limited to informat...

5.3CVSS5.2AI score0.00671EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/02 9:49 p.m.22 views

CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

5.5AI score0.00671EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/01/02 12:0 a.m.5 views

PT-2023-14432 · WordPress · Wp Cerber Security

Name of the Vulnerable Software and Affected Versions: WP Cerber Security, Anti-spam & Malware Scan WordPress plugin versions prior to 9.3.3 Description: The issue concerns improper access control to the REST API users endpoint when the blog is in a subdirectory. This could allow attackers to...

5.3CVSS5.2AI score0.00671EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2022/12/12 12:0 a.m.16 views

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users PoC When the "Block access to users' data via REST API" settings is enabled...

5.3CVSS2.9AI score0.00671EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/12/08 4:15 p.m.3 views

UBUNTU-CVE-2022-4123

A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality...

3.3CVSS7AI score0.00238EPSS
Exploits0References3
CNVD
CNVD
added 2022/11/24 12:0 a.m.64 views

Buildah has unspecified vulnerabilities

Bulidah is an open source, Linux-based tool from Containers open source. It is used to build containers that are compatible with the Open Container Initiative OCI.Containers Buildah suffers from a security vulnerability. An attacker could exploit the vulnerability to cause local path and...

3.3CVSS3.5AI score0.00238EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/09/15 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2392)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.9AI score0.16523EPSS
Exploits18References2
Tenable Nessus
Tenable Nessus
added 2021/07/06 12:0 a.m.47 views

EulerOS Virtualization 3.0.2.2 : openssh (EulerOS-SA-2021-2153)

According to the version of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - DISPUTED The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which...

7.5CVSS7.5AI score0.02267EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/07/01 12:0 a.m.4 views

Akkadian Provisioning Manager 安全漏洞

Akkadian Provisioning Manager is a provisioning solution from Akkadian USA for new integrations for more robust provisioning automation. A security vulnerability exists in Akkadian Provisioning Manager 4.50.02 that allows an attacker to view sensitive information in the pme subdirectory...

7.5CVSS7.3AI score0.06714EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/14 9:20 p.m.37 views

Security Bulletin: Eclipse Jetty Vulnerability Affects IBM Control Center (CVE-2020-27216)

Summary Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in th...

7CVSS2AI score0.043EPSS
Exploits1Affected Software1
Rows per page
Query Builder