1368 matches found
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878...
Pimcore Path Traversal Vulnerability
Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates Web content management, e-commerce frameworks and product information management applications. A path traversal vulnerability exists in Pimco...
Mlflow Security Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow versions prior to 2.3.1. An attacker exploiting this vulnerability could access files and directories stored outside of the web root folder...
Git Path Traversal Vulnerability
Git is a free, open source distributed version control system. Git suffers from a path traversal vulnerability. An attacker could use this vulnerability to access files and directories stored outside the web root folder. The following versions are affected: 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,...
go-fastdfs Code Issue Vulnerability
go-fastdfs is a simple distributed file system for private cloud storage, with no central node, high performance, high reliability and no maintenance, supporting intermittent uploads, chunked uploads, small file merging, auto-synchronization and auto-repair. sjqzhang go-fastdfs version...
go-huge-util Path Traversal Vulnerability
go-huge-util is a utility function commonly used in Go. A path traversal vulnerability exists in go-huge-util versions prior to 0.0.34. This vulnerability can be exploited to access files and directories stored outside of the web root folder...
Flarum Path Traversal Vulnerability
Flarum is an open source forum system for the Flarum community. A path traversal vulnerability exists in Flarum versions prior to 1.7.0. An attacker can exploit this vulnerability to access files and directories stored outside the web root folder...
FastCMS Path Traversal Vulnerability
FastCMS is a content management system from FastCMS, Inc. FastCMS suffers from a path traversal vulnerability. An attacker can use this vulnerability to access files and directories stored outside of the web root folder...
ForgeRock Access Management Path Traversal Vulnerability
ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable a superior experience tailored to the unique needs of users and employees. A security vulnerability exists in ForgeRock Access Management Web Policy Agent version 5.10.1 and prior...
ForgeRock Access Management Path Traversal Vulnerability
ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable superior experiences tailored to the unique needs of users and employees. A security vulnerability exists in ForgeRock Access Management Java Policy Agent version 5.10.1 and prior...
Google Golang Path Traversal Vulnerability
Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...
SuiteCRM Security Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 7.12.9. An attacker could exploit the vulnerability to access files and directories stored outside of the web root folder...
K29923912: BIG-IP Configuration utility vulnerability CVE-2020-5916
Security Advisory Description The Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. CVE-2020-5916 Impact Requests to the Configuration utility can result in arbitrary file reads outside of the web root directory...
PT-2023-16568 · Netmodule · Netmodule Nsrw
Name of the Vulnerable Software and Affected Versions: NetModule NSRW versions 4.3.0.0 through 4.3.0.118 NetModule NSRW versions 4.4.0.0 through 4.4.0.117 NetModule NSRW versions 4.6.0.0 through 4.6.0.104 NetModule NSRW versions 4.7.0.0 through 4.7.0.102 Description: The NetModule NSRW web...
SUSE CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
SUSE CVE-2007-0079
rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb...
SUSE CVE-2007-0078
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb...
SUSE CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...
SUSE CVE-2008-2402
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...
SUSE CVE-2012-4747
Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom...