8 matches found
OESA-2026-2633 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
CVE-2026-22905 Authentication Bypass via URI Traversal
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads...
PT-2021-7303 · Eclipse +1 · Eclipse Jetty +1
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.37.v20210219 through 9.4.38.v20210224 Description: The default compliance mode in Eclipse Jetty allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF director...
CVE-2018-16288
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs...
IBM WebSphere Portal Dojo Module URI Traversal Arbitrary File Access
The version of WebSphere Portal on the remote host is using a vulnerable version of the Dojo toolkit. Input to the 'path' parameter of layerLoader.jsp is not properly validated. A remote, unauthenticated attacker could exploit this to download arbitrary files.
CVE-2008-2938
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...
Cherokee Web Server URI Traversal Arbitrary File Access
The remote host is running Cherokee, a fast and tiny web server. The remote version of this software is vulnerable to a directory traversal flaw when a '../' sequence is appended to the web request. Additionally, this version fails to drop root privileges after it binds to the listen port. Remote attack...
Super-M Son hServer URI Traversal Arbitrary File Access
Super-M Son hServer is vulnerable to a directory traversal. It enables a remote attacker to view any file on the computer with the privileges of the web server.