CVE-2021-41950

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...

Montala ResourceSpace 路径遍历漏洞

ResourceSpace is a digital asset management tool that enables users to organize their digital assets. a directory traversal vulnerability exists in ResourceSpace. An attacker could exploit the vulnerability to delete arbitrary files on the ResourceSpace server via the provider and variant...

PT-2021-23456 · Unknown · Resourcespace

Name of the Vulnerable Software and Affected Versions: ResourceSpace versions 9.6 through 9.6 rev 18277 Description: A directory traversal issue allows remote unauthenticated attackers to delete arbitrary files on the server via the provider and variant parameters in "pages/ajax/tiles.php"...

foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter

It was found that the “variant” parameter in the TFTP API of Foreman was passed to the eval function. An attacker could possibly use this flaw to execute arbitrary code with the privileges of the Foreman user...