Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. txt file. Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. Copyparty is a portable file server. Rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project. An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?././././././././././etc/passwd" in an xi:include element. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service-key file overwrite. Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce.
This leads to remote code execution when external device integration is enabled (a very common configuration). A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive. A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. Version 8.1.1 contains a patch for this issue. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. PrestaShop is an open source e-commerce web application. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (./) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. VDB-236206 is the identifier assigned to this vulnerability. An issue was discovered in zola 0.13.0 through 0.17.2. The exploit has been disclosed to the public and may be used. The manipulation of the argument Files leads to path traversal: './filedir'. This vulnerability affects unknown code of the file \Service\FileDownload.ashx.
The associated identifier of this vulnerability is VDB-236207. A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The manipulation of the argument FileDirectory leads to absolute path traversal. This issue affects some unknown processing of the file \Service\FileHandler.ashx. A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0.