18 matches found
CVE-2023-29268
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...
EUVD-2018-0223
Malware in sbrugna...
PT-2024-41081 · Spring · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework affected versions not specified Description: The issue is related to the org.springframework.web.multipart package of the Spring Web module in the Spring Framework, which is associated with incorrect restriction of the path...
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
Description The plugin does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...
CVE-2023-29268
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...
CVE-2023-29268 TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...
PT-2023-3159 · Tibco Software · Tibco Spotfire Statistics Services
Name of the Vulnerable Software and Affected Versions: TIBCO Spotfire Statistics Services versions 11.4.10 and below TIBCO Spotfire Statistics Services versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.1.0, 12.2.0 Description: The Splus Server component o...
TIBCO Software Spotfire Statistics Services Code Issue Vulnerability
TIBCO Software Spotfire Statistics Services is a comprehensive library of statistics and data algorithms based on the TERR engine or other engines from TIBCO Software, USA. A security vulnerability exists in TIBCO Software Spotfire Statistics Services, which originates in the Splus Server compone...
Exploit for SQL Injection in Simple_College_Website_Project Simple_College_Website
CVE-2021-44593 Public disclosure of CVE-2021-44593. A SQL inje...
Information Disclosure
glance is vulnerable to information disclosure. A remote attacker is able to access and retrieve arbitrary files in a dot directory within the web server directory via URIs such as /.git/HEAD or /.got/logs/HEAD...
Microsoft IIS 5.0 IISAPI Extension Enumerate Root Web Server Directory Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/194/info A GET request that specifies a nonexistent file with an IISAPI-registered extension (i.e. .pl, .idq) will cause the IIS server to return an error message that includes the full path of the root web server directory...
specview 2.5 build 853 - Directory Traversal
Luigi Auriemma Application: SpecView http://www.specview.com Versions: = 2.5 build 853 Platforms: Windows Bug: web server directory traversal Exploitation: remote Date: 29 Jun 2012 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix...
Insufficient output sanitizing when generating configuration file.
PMASA-2010-4 Announcement-ID: PMASA-2010-4 Date: 2010-08-20 Summary Insufficient output sanitizing when generating configuration file. Description The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration...
HP OpenView Network Node Manager Multiple CGI Remote Overflows
The remote version of HP OpenView Network Node Manager fails to sanitize user-supplied input to various parameters used in the 'Openview5', 'snmpview', 'ovlogin' scripts before using it. By sending long parameters, an attacker would be able to produce a stack-based overflow and exploit it to...
Xerox Document Centre MicroServer Web Server Directory Navigation Crafted URL DoS (XRX05-004)
According to its model number and software version, the remote host is a Xerox Document Centre or WorkCentre device with an embedded web server that is prone to remote denial of service attacks. Specifically, memory on the affected device can become corrupted, triggering a crash and restart, when...
FastStone 4in1 Browser 1.2 - Web Server Directory Traversal
source: https://www.securityfocus.com/bid/12937/info A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files. This issue could be exploited...
anteco visual technologies ownserver 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/9461/info A vulnerability in OwnServer 1.0 and earlier has been reported that may allow a remote attacker to view files residing outside of the web server root directory on the affected system. http://www.example.com/../../boot.ini...
Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory
source: https://www.securityfocus.com/bid/194/info A GET request that specifies a nonexistent file with an IISAPI-registered extension (i.e. .pl, .idq) will cause the IIS server to return an error message that includes the full...