1368 matches found
PT-2023-20744 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application version 3.1.013 Description: The issue allows authenticated attackers to upload arbitrary files to the web root, including dangerous files such as ASP or ASPX, which can lead to command execution on the affected server...
WhiteHSBG JNDIExploit Path Traversal Vulnerability
WhiteHSBG JNDIExploit is a tool for JNDI injection exploitation, heavily referencing the code of the Rogue JNDI project, supporting direct in-memory shell implantation, and integrating common ways to bypass higher versions of the JDK, suitable for use with automation tools. A path traversal...
SQLpage vulnerable to public exposure of database credentials
Impact: If you are using a SQLPage version older than v0.11.1, your SQLPage instance is exposed publicly, the database connection string is specified in the sqlpage/sqlpage.json configuration file (not in an environment variable), the webroot is the current working directory (the default), your...
Design/Logic Flaw
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file (not in an environment variable), with the webroot being the current working...
CVE-2023-42454 SQLpage vulnerable to public exposure of database credentials
SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file (not in an environment variable), with the webroot being the current working...
Qlik Sense Input Validation Error Vulnerability
Qlik Sense is an application from Qlik USA. It allows users to create visualizations, charts, interactive dashboards and analytical applications for local and offline use. A security vulnerability exists in Qlik Sense Enterprise for Windows. An attacker could exploit the vulnerability to access file...
PT-2023-3604
Name of the Vulnerable Software and Affected Versions: Copyparty versions prior to 1.8.2 Description: The issue is related to a path traversal vulnerability detected in the .cpr subfolder, allowing an attacker to access files, directories, and commands outside the web document root directory. Thi...
Lightdash Path Traversal Vulnerability
Lightdash is a visual data analysis tool. A security vulnerability exists in Lightdash versions prior to 0.510.3. An attacker can exploit the vulnerability to access files and directories stored outside of the web root folder...
elFinder Path Traversal Vulnerability
elFinder is a Drupal-based, open source AJAX file manager. The product provides multi-file upload, image scaling and other features. A security vulnerability exists in versions prior to elFinder 2.1.62. An attacker can use this vulnerability to access files and directories store...
Nokia Airscale ASIKA Single RAN Path Traversal Vulnerability
Nokia Airscale ASIKA Single RAN is an application for end-to-end use by Nokia of Finland. A security vulnerability exists in NOKIA Airscale ASIKA Single RAN prior to version 21B. An attacker can exploit the vulnerability to access files and directories stored outside the web root folder...
Multiple Fortinet Products Path Traversal Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A security vulnerability exists i...
CVE-2023-2688
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...
Path traversal
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...
CVE-2023-2688 WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...
WordPress Plugin WordPress File Upload Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin WordPress File...
Froxlor Path Traversal Vulnerability
Froxlor is a lightweight server management software from the Froxlor team. A path traversal vulnerability exists in Froxlor versions prior to 2.0.20. An attacker can exploit this vulnerability to access files and directories stored outside of the web root folder...
KylinSoft youker-assistant Path Traversal Vulnerability
KylinSoft youker-assistant is a system management and configuration tool from KylinSoft China. A security vulnerability exists in KylinSoft youker-assistant versions prior to 3.0.2-0kylin6k70-23. An attacker could exploit the vulnerability to access files and directories stored outside of the web...
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Vulnerability
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878 Introduction...
Jedox 2020.2.5 Configurable Storage Path Remote Code Execution
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878...