11 matches found
CVE-2026-56446
MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...
SUSE-SU-2026:22184-1 Security update for postgresql16
This update for postgresql16 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...
File-Cleaner-
I learn from this Project w Never trust user input: Attackers c...
PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
Summary The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...
CLSA-2025-1759780820 python3: Fix of CVE-2007-4559
CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability...
CVE-2024-3238
CVE-2024-3238 affects the WordPress Menu Plugin — Superfly Responsive Menu. The vulnerability is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_handle_delete_icons() function, allowing unauthenticated attackers to delete arbitrary files if a site admin is tr...
SUSE: Security Advisory (SUSE-SU-2018:0862-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2018:1972-1 Security update for perl
This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pppack.c bsc1082216. - CVE-2018-6798: Fixed heap buffer overflow in regexec.c bsc1082233. - CVE-2018-6797: Fixed sharp-s regexp overflow bsc1082234. - CVE-2018-1201...
CVE-2017-10974
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...
File Traversal Protection Bypass on Error Reporting
PMASA-2016-15 Announcement-ID: PMASA-2016-15 Date: 2016-05-25 Updated: 2016-05-26 Summary File Traversal Protection Bypass on Error Reporting Description A specially crafted payload could result in the error reporting component exposing whether an arbitrary file exists on the file system and the...
Обратный путь в директориях в Tivoli SecureWay (directory traversal)
Можно обойти защиту от обратного пути используя кодирование . как 2e...