Zimbra Collaboration Suite Remote Code Execution Vulnerability
Zimbra Collaboration Suite (ZCS) is an open source collaborative office suite. The product includes WebMail, Calendar, Address Book, etc. A security vulnerability exists in Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0, which stems from a lack of valid authentication of uploaded files by t...
CVE-2021-42052
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter...
Path traversal
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter...
CVE-2021-42052
CVE-2021-42052 affects IPESA e-Flow 3.3.6. The vulnerability is a path traversal that allows reading any file within the web root via the lib/js/build/STEResource.res path and the R query parameter. It is documented with a high CVSS score (7.5, HIGH) and network attack vector with no privileges r...
IPESA e-Flow Path Traversal Vulnerability
IPESA e-Flow is a comprehensive solution from IPESA designed to improve the customer experience. A security vulnerability exists in IPESA e-Flow version 3.3.6 that stems from allowing path traversal to read any file in the web root directory...
GHSA-83H6-22CP-F22W TeamPass files are available without authentication
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files...
TeamPass files are available without authentication
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files...
OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization
Affected Versions: Version 2.2.0 is affected, and prior versions are likely affected too. Vulnerability Description: The vulnerable component is switching to another tab. To exploit the vulnerability, an attacker may send a POST request with application/x-www-form-urlencoded content-type to AJAX...
Apache Tomcat Leaks Information via Error Message
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message...
Apache Tomcat Leaks Pathname Information via Error Message
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) /, (3) /, and (4) %20/, which leaks the pathname in an error message...
GHSA-R6CF-CR44-M8RR Apache Tomcat Leaks Pathname Information via Error Message
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) /, (3) /, and (4) %20/, which leaks the pathname in an error message...
Exploit for Path Traversal in Wso2 Api_Manager
😭 WSOB CVE-2022-29464...
CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps...
RiteCMS arbitrary file overwrite vulnerability
RiteCMS is a web CMS. An arbitrary file overwrite vulnerability exists in RiteCMS versions 3.1.0 and below, which stems from the failure of a web system or product to properly filter special elements in a resource or file path, and can be exploited by an authenticated attacker to overwrite any fi...
CVE-2022-24248
RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root along with any other file on the server that the PHP process user has the prope...
RiteCMS Path Traversal Vulnerability
RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCMS, which can be exploited by an authenticated attacker to delete any file in the web root directory...