1370 matches found
WordPress Media File Organizer plugin directory traversal vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A directory traversal vulnerability exists in version 1.0.1 of the Media File Organizer plugin for...
CVE-2020-24143
Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...
CVE-2020-24144
Directory traversal in the Media File Organizer aka media-file-organizer plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items parameter in a move operation...
WordPress path traversal vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A path traversal vulnerability exists in WordPress Ninja Team Video Downloader for TikTok, which ste...
Directory Traversal
flow-server is vulnerable to directory traversal. The attack is possible due to a lack of proper validation of the URL path, allowing an attacker to inject ../ characters into parameters to access resources outside of the web root...
Information Disclosure
shopware/production is vulnerable to information disclosure. The .env and other confidential files can be accessed if the project root is configured as the web root...
Exposure of .env if project root is configured as web root in shopware/production
Impact: The .env and other sensitive files can be leaked if the project root and not /public is configured as the web root. Patches: We recommend updating to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview...
GHSA-3PCR-4982-548M Exposure of .env if project root is configured as web root in shopware/production
Impact: The .env and other sensitive files can be leaked if the project root and not /public is configured as the web root. Patches: We recommend updating to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview...
CVE-2021-26293
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
Directory traversal
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...
CVE-2020-28645
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions 10.6...
Design/Logic Flaw
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions 10.6...
CVE-2020-28645
CVE-2020-28645 affects the ownCloud Core before version 10.6. The issue, described as deleting users with certain names causing system files to be deleted, implies a vulnerability in user handling where specific usernames trigger file deletions when data directories are web-rooted. The available ...
Missing user validation leading to information disclosure
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root...