10 matches found
Access Bypass
ezsystems/ezplatform is vulnerable to Access Bypass. The vulnerability is due to inadequate rewrite rules for blocking access to executable files in the var directory when using eZ Platform Cloud on Platform.sh...
PT-2024-40140 · Ez Systems · Ez Platform
Name of the Vulnerable Software and Affected Versions: ezplatform versions prior to 1.7.9.1; ezplatform versions prior to 1.13.5.1; ezplatform versions prior to 2.5.4.1. Description: The issue affects eZ Platform setups on the Platform.sh cloud service, where a rewrite rule intended to block access ...
GHSA-GQCF-83RQ-GPFR Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
CVE-2021-37345
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. Nagios XI suffers from a security vulnerability that originates from the fact that xi-sys.cfg in Nagios XI...
Linux: Check options for /var directory
The /var directory is used by the system during an operation. This script tests options set on /var filesystem. Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it under the terms of the GNU...
Dialogic PowerMedia XMS Information Disclosure Vulnerability
Dialogic PowerMedia XMS is a highly scalable, software-only media server that supports standards-based, real-time multimedia communication solutions for mobile and broadband environments. An information disclosure vulnerability exists in the management console of Dialogic PowerMedia XMS 3.5 and...
CVE-2018-11637
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root...
PT-2017-6652 · Openhpi +2 · Openhpi +2
Name of the Vulnerable Software and Affected Versions: OpenHPI versions prior to 3.6.0. Description: The issue allows local users to cause a denial of service due to disk consumption by filling the filesystem hosting /var/lib. This is possible because the /var/lib/openhpi directory has...